ALSA-2022:6580

[ALSA-2022:6580] Moderate: booth security update

Type:

security

Severity:

moderate

Release date:

2022-10-14

Description:

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time.

Security Fix(es):

* booth: authfile directive in booth config file is completely ignored. (CVE-2022-2553)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	booth-core-1.0-251.3.bfb2f92.git.el9_0.1.aarch64.rpm	39191e64e9f97442c24306f5d8e46f2af51d10acb65dc72f7f99e553051fcbe6
aarch64	booth-1.0-251.3.bfb2f92.git.el9_0.1.aarch64.rpm	5a8091a1545d77a173b383c8c07db13200ca7d80abca136801a7b98861cae3b2
noarch	booth-site-1.0-251.3.bfb2f92.git.el9_0.1.noarch.rpm	716bf3a5fe07a7ea283e8876dec1b16a256a8dc350cdfc28246c38c2585d686d
noarch	booth-arbitrator-1.0-251.3.bfb2f92.git.el9_0.1.noarch.rpm	88e73d22bc86d72870fea93ca6f6a99cdd74d463024ea11ceed01b2d473a8a20
noarch	booth-test-1.0-251.3.bfb2f92.git.el9_0.1.noarch.rpm	e1ec94a19684f02911ad1435aea6965fef07990a888f9e81de2884d753fca0e9
ppc64le	booth-core-1.0-251.3.bfb2f92.git.el9_0.1.ppc64le.rpm	0213e5f2f5d2ad4bac11d61fd57a5ff92301cbd7a9e750e244a2585cf9aebb56
ppc64le	booth-1.0-251.3.bfb2f92.git.el9_0.1.ppc64le.rpm	87f7f1a6a2d83a0ac54d9799e3b77b47dec64f9cf2f4c2edd3e8ce497420febf
s390x	booth-core-1.0-251.3.bfb2f92.git.el9_0.1.s390x.rpm	a384a5c0e53adf830d64a9e3e01a56d7ee07dfe84e4b00071ee5490edf0df1a2
s390x	booth-1.0-251.3.bfb2f92.git.el9_0.1.s390x.rpm	b82d7c5cb9a67dc78224b7805fb0db7266dee2f93261e5c2f74871ff7ead1684
x86_64	booth-core-1.0-251.3.bfb2f92.git.el9_0.1.x86_64.rpm	a7c7b8921db2131f689cb25fafe724379abfdb845b7d2b16fb3188bb764fb8b7
x86_64	booth-1.0-251.3.bfb2f92.git.el9_0.1.x86_64.rpm	bceb51d38a54080cd96ce2a300bc76dd467c1d8075e5b848cddf5135218f2d81

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.