From $URL : Description A vulnerability has been reported in libvirt, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to a use-after-free error in the "virNetMessageFree()" function (src/rpc/virnetserverclient.c) and can be exploited to dereference already freed memory. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 1.0.1. Other versions may also be affected. Solution Fixed in the GIT repository.
The advisory is a bit unfortunate. It affects a lot more versions than just 1.0.1 or 1.x. Perfect example is the fact that RHEL released updates for 0.9.6 and newer for Fedora and RHEL6.
http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720 is the fix
New GLSA request filed.
CVE-2013-0170 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0170): Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
This issue was resolved and addressed in GLSA 201309-18 at http://security.gentoo.org/glsa/glsa-201309-18.xml by GLSA coordinator Chris Reffett (creffett).