Your submission was sent successfully! Close

CVE-2015-1867

Published: 12 August 2015

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.

Priority

Medium

Status

Package Release Status
pacemaker
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
Patches:
Upstream: https://github.com/ClusterLabs/pacemaker/commit/84ac07c

Notes

AuthorNote
mdeslaur
introduced by f242c1ef in 1.1.12-rc1
fixed by 84ac07c in 1.1.13-rc2

References