Red Hat Bugzilla – Bug 620356
CVE-2010-2794 spice-xpi symlink attack
Last modified: 2015-08-21 19:43:20 EDT
Spice-xpi uses predictable name for it's log file which a malicious user could use to overwrite arbitrary files via a symlink attack, with the privileges of the user running spice-xpi.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0651 https://rhn.redhat.com/errata/RHSA-2010-0651.html