Mandriva Linux Security Advisory 2014-162 - Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.
b0c314e22c41ff39beee0ffc571c39b44eeff2914e97fe3ab3a560cfb144c1f7