libvirt is vulnerable to information disclosure. It was found that libvirt did not set the user-defined backing store format when creating a new image, possibly resulting in applications having to probe the backing store to discover the format. A privileged guest user could use this flaw to read arbitrary files on the host.
libvirt.org/news.html
lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
ubuntu.com/usn/usn-1008-1
ubuntu.com/usn/usn-1008-2
ubuntu.com/usn/usn-1008-3
www.redhat.com/security/updates/classification/#low
www.redhat.com/support/errata/RHSA-2010-0615.html
www.vupen.com/english/advisories/2010/2062
www.vupen.com/english/advisories/2010/2763
access.redhat.com/errata/RHSA-2010:0615
bugzilla.redhat.com/show_bug.cgi?id=607812