Pacemaker is vulnerable to privilege escalation. Versions before 1.1.13 do not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
lists.fedoraproject.org/pipermail/package-announce/2015-November/170610.html
lists.fedoraproject.org/pipermail/package-announce/2015-October/169671.html
lists.fedoraproject.org/pipermail/package-announce/2015-October/169995.html
rhn.redhat.com/errata/RHSA-2015-1424.html
rhn.redhat.com/errata/RHSA-2015-2383.html
www.securityfocus.com/bid/74231
access.redhat.com/errata/RHSA-2015:1424
access.redhat.com/errata/RHSA-2015:2383
access.redhat.com/security/cve/CVE-2015-1867
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1163982
bugzilla.redhat.com/show_bug.cgi?id=1177821
bugzilla.redhat.com/show_bug.cgi?id=1207621
bugzilla.redhat.com/show_bug.cgi?id=1211370
github.com/ClusterLabs/pacemaker/commit/84ac07c
security.gentoo.org/glsa/201710-08