A flaw was found in libvirt where libvirtd could crash due to how XML was parsed [1]. With the introduction of ACL permissions in libvirt 1.1.0, this flaw could be manipulated to allow a remote user with connect:read privileges to elevate them to the more permissive domain:write privilege. This vulnerability was introduced in libvirt 1.1.0. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1012196;
Statement: Not vulnerable. This issue did not affect the versions of libvirt package as shipped with Red Hat Enterprise Linux 5 and 6.
Upstream commit: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c