A flaw was found in the way message freeing on connection cleanup was handled under certain error conditions. A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd or, potentially, escalate their privilages to that of libvirtd process. Acknowledgements: This issue was discovered by Tingting Zheng of Red Hat.
Statement: Not vulnerable. This issue did not affect the versions of libvirt as shipped with Red Hat Enterprise Linux 5.
Created libvirt tracking bugs for this issue Affects: fedora-all [bug 905173]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0199 https://rhn.redhat.com/errata/RHSA-2013-0199.html
Relevant upstream patch: http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720
libvirt-0.10.2.3-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
libvirt-0.9.6.4-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
libvirt-0.9.11.9-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.