It was reported that virt-login-shell, an suid-root program, did not sanitize its environment variables or command-line interface arguments properly. This could allow a local user to overwrite arbitrary files as root and elevate their privileges. This vulnerability was introduced in libvirt 1.1.2.

Acknowledgements: Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
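The environment half of the problem described above, shown as an added example that is not part of the original report and is not libvirt's code: a setuid program rebuilds its environment from an allowlist and a fixed PATH before anything else reads it. The allowlist contents, the `SAFE_PATH` value and the function names are assumptions made for illustration; command-line argument validation is not covered.

```c
#define _GNU_SOURCE                 /* clearenv() on glibc */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed allowlist for this example; every other variable is dropped. */
static const char *const keep[] = { "TERM", "LANG", "LC_ALL" };
#define NKEEP (sizeof(keep) / sizeof(keep[0]))
#define SAFE_PATH "/usr/sbin:/usr/bin:/sbin:/bin"   /* never inherit PATH */

static int value_ok(const char *v)  /* short, no control characters */
{
    if (strlen(v) >= 128) return 0;
    for (; *v; v++)
        if (iscntrl((unsigned char)*v)) return 0;
    return 1;
}

/* Rebuild the environment from the allowlist plus a fixed PATH. Call it first
 * in main(). Returns the number of variables kept, or -1 (treat as fatal). */
int sanitize_environment(void)
{
    char *saved[NKEEP] = { 0 };
    int kept = 0, rc = 0;
    /* Copy first: clearenv() invalidates pointers returned by getenv(). */
    for (size_t i = 0; i < NKEEP; i++) {
        const char *v = getenv(keep[i]);
        if (v && value_ok(v) && !(saved[i] = strdup(v))) rc = -1;
    }
    if (clearenv() != 0) rc = -1;
    for (size_t i = 0; i < NKEEP; i++) {
        /* setenv() returns 0 on success and -1 on failure. */
        if (saved[i] && rc == 0 && (rc = setenv(keep[i], saved[i], 1)) == 0) kept++;
        free(saved[i]);
    }
    if (rc == 0 && setenv("PATH", SAFE_PATH, 1) != 0) rc = -1;
    return rc == 0 ? kept : -1;
}

int main(void)
{
    /* Constructed hostile environment for the demonstration. */
    setenv("LD_PRELOAD", "/tmp/constructed.so", 1);
    setenv("PATH", "/tmp/constructed-bin", 1);
    if (sanitize_environment() < 0) return 1;       /* fail closed */
    printf("PATH=%s LD_PRELOAD=%s\n", getenv("PATH"),
           getenv("LD_PRELOAD") ? "set" : "unset");
    return 0;
}
```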
Statement: Not vulnerable. This issue did not affect the versions of the libvirt package as shipped with Red Hat Enterprise Linux 5 and 6.
Upstream commits:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=8c3586ea755c40d5e01b22cb7b5c1e668cdec994
http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7fcc799ad5d8f3e55b89b94e599903e3c092467
http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e2f27e13b94f7302ad948bcacb5e02c859a25fc
Created libvirt tracking bugs for this issue: Affects: fedora-all [bug 1025685]
libvirt-1.1.3.1-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.