uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.Referenceshttp://lists.freedesktop.org/archives/uim/2005-February/000996.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:046http://www.securityfocus.com/bid/12604http://secunia.com/advisories/13981
