virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc
libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994
libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467
lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html
secunia.com/advisories/60895
security.gentoo.org/glsa/glsa-201412-04.xml
wiki.libvirt.org/page/Maintenance_Releases
bugzilla.redhat.com/show_bug.cgi?id=1015228