Spice-xpi uses predictable name for it's log file which a malicious user could use to overwrite arbitrary files via a symlink attack, with the privileges of the user running spice-xpi.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0651 https://rhn.redhat.com/errata/RHSA-2010-0651.html