It was found that libvirt did not extract the defined disk backing store format when recursing into disk image backing stores in the security drivers. This could be possibly exploited by priviledged guest user to access arbitrary files on the host.
This issue affects libvirt >= 0.7.2.
Statement: Not vulnerable. This issue did not affect the version of libvirt as shipped with Red Hat Enterprise Linux 5.
Created libvirt tracking bugs for this issue Affects: fedora-all [bug 613625]
libvirt-0.8.2-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
libvirt-0.8.2-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.