It was found that libvirt did not honour the user defined main disk format
in guest XML when looking up disk backing stores in the security drivers.
This could be possibly exploited by priviledged guest user to access
arbitrary files on the host.
This issue affects libvirt >= 0.6.1.
Not vulnerable. This issue did not affect the version of libvirt as shipped with Red Hat Enterprise Linux 5.
Created libvirt tracking bugs for this issue
Affects: fedora-all [bug 613625]
libvirt-0.8.2-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
libvirt-0.8.2-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.