The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3
checks for the connect:read permission instead of the connect:write
permission, which allows attackers to gain domain:write privileges and
execute Qemu binaries via crafted XML. NOTE: some of these details are
obtained from third party information.
Filing for tracking.
Added to GLSA request.
This issue was resolved and addressed in
GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).