[ClusterLabs] FYI: Pacemaker vulnerability CVE-2020-25654

Ken Gaillot kgaillot at redhat.com
Tue Oct 27 11:06:39 EDT 2020

Hi all,

A vulnerability was found in Pacemaker allowing a user who is in the
haclient group but restricted by ACLs to bypass those ACLs. It has been
assigned the ID CVE-2020-25654.

This will be fixed in the 2.0 and master branches today, along with a
2.0.5-rc2 release that includes the fix. It will also be fixed in the
1.1 branch along with a 1.1.24-rc1 release that includes just this. I
will also post patches for the 2.0.3 and 2.0.4 releases to the 
developers at clusterlabs.org list.
Ken Gaillot <kgaillot at redhat.com>

More information about the Users mailing list