[ALSA-2024:3659] Important: booth security update
Type:
security
Severity:
important
Release date:
2024-06-11
Description:
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time. Security Fix(es): * booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 booth-1.1-1.el8_10.1.aarch64.rpm 85ea6407e2a5f69392c6962042722f0d32f155d2af3af983d3317ed4b17a690b
aarch64 booth-core-1.1-1.el8_10.1.aarch64.rpm a5bf69a91d34fdbc8e219fc1a72d0f82b170d74a3ab25cc0fe430255d1863ed5
noarch booth-arbitrator-1.1-1.el8_10.1.noarch.rpm 2ed42efdc796a6e5db1ceefca4ffb07a8bac87521853a49c3bf5e94878171c8b
noarch booth-site-1.1-1.el8_10.1.noarch.rpm 9186b82d9917d72fb035cc9091e649749cda857a06ed91c147918cc90bec0e1a
noarch booth-test-1.1-1.el8_10.1.noarch.rpm a2b68433ada8ea79abd222e70084898349c77f54dc97321ba47c40a2317a4551
ppc64le booth-core-1.1-1.el8_10.1.ppc64le.rpm 5b2dd5e294f22e9cedbb8e9e926f34cf0508b06f78ea588a172aa8c8edb2af19
ppc64le booth-1.1-1.el8_10.1.ppc64le.rpm 9f737897e0c5046c16cf75d38244c9db3dac0d79feb72ec315fc375bee783416
s390x booth-core-1.1-1.el8_10.1.s390x.rpm 22c781da2ce00b5a138c5b22be8b1a53d13a2683e08392d76a5f7059ffcfd131
s390x booth-1.1-1.el8_10.1.s390x.rpm a69158f089f7e2fa30984edce3c62cbad4b8875509878f3f24557c15dada8ad2
x86_64 booth-1.1-1.el8_10.1.x86_64.rpm 200af4f69b151f23912710613d8533a17dc9302f7ce72505526e47f42f7ec966
x86_64 booth-core-1.1-1.el8_10.1.x86_64.rpm cfc8d71330da1fcb4c237b91e1193ffbd1fe6ecd673bdc76aabd8fa849930f9f
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.