libvirt is vulnerable to information disclosure. It was found that libvirt created insecure iptables rules on the host when a guest system was configured for IP masquerading, allowing the guest to use privileged ports on the host when accessing network resources. A privileged guest user could use this flaw to access network resources that would otherwise not be accessible to the guest.
libvirt.org/news.html
lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
ubuntu.com/usn/usn-1008-1
ubuntu.com/usn/usn-1008-2
ubuntu.com/usn/usn-1008-3
www.redhat.com/security/updates/classification/#low
www.redhat.com/support/errata/RHSA-2010-0615.html
www.vupen.com/english/advisories/2010/2062
www.vupen.com/english/advisories/2010/2763
access.redhat.com/errata/RHSA-2010:0615
bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943
bugzilla.redhat.com/show_bug.cgi?id=602455