Security Fix This patch prevents an unauthorized user from locking or unlocking a node.
diff -r -u checkout.orig/checkout.module checkout/checkout.module
--- checkout.orig/checkout.module 2009-05-08 12:39:01.000000000 -0500
+++ checkout/checkout.module 2009-05-08 12:45:47.000000000 -0500
@@ -207,17 +207,22 @@
 $previous_nid = checkout_get_nid($referer);
 $current_nid = checkout_get_nid($_GET['q']);
+
 // Check whether to release a previously edited node.
 if ($previous_nid && (!$current_nid || $current_nid != $previous_nid)) {
- checkout_release($previous_nid, $uid);
+ if (node_access('edit', $previous_nid)){
+ checkout_release($previous_nid, $uid);
+ }
 }
 // Check whether to lock the current node.
 if ($current_nid && (!$previous_nid || $previous_nid != $current_nid)) {
 // Try to lock the node.
- if (!checkout_node($current_nid, $uid)) {
- // Node already locked: send back to refering page.
- drupal_goto(referer_uri());
+ if (node_access('edit', $current_nid)){
+ if (!checkout_node($current_nid, $uid)) {
+ // Node already locked: send back to refering page.
+ drupal_goto(referer_uri());
+ }
 }
 }
 }
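Review bot: Both added guards call `node_access('edit', $previous_nid)` and `node_access('edit', $current_nid)`, but Drupal core's `node_access()` recognises the operations 'view', 'update', 'delete' and 'create' and expects a node object as its second argument, so as written the check does not evaluate the user's update permission on that node. Depending on the core version this most likely fails closed for ordinary editors (no lock is taken or released for them), while an account with 'administer nodes' may still pass, so the fix should be verified with a non-admin editor account. Load the node and test the real operation instead, e.g. `$node = node_load($current_nid);` followed by `if ($node && node_access('update', $node)) {`, and the same for `$previous_nid`. This assumes `checkout_get_nid()` returns a numeric nid, which the hunk does not show; the enclosing function begins outside the hunk.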