The virSecurityManagerGetPrivateData function in security/security_manager.c
in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call,
which causes incorrect processing of "security manager private data" that
"reopens disk probing" and might allow guest OS users to read arbitrary
files on the host OS. NOTE: this vulnerability exists because of a
Added to pending GLSA request.
Versions affected are no longer in tree.
This issue was resolved and addressed in
GLSA 201202-07 at http://security.gentoo.org/glsa/glsa-201202-07.xml
by GLSA coordinator Stefan Behte (craig).