[ALSA-2024:3661] Important: booth security update
Type:
security
Severity:
important
Release date:
2024-06-11
Description:
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time. Security Fix(es): * booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 booth-core-1.1-1.el9_4.1.aarch64.rpm 9fbfc642b913732a47b38b77146504bd9c50f009e7b680691159cded16795cb6
aarch64 booth-1.1-1.el9_4.1.aarch64.rpm b70ed3bd8df74e633be046a3d47b4786adafba4acdf165d07c28d326ca3bdd3e
noarch booth-site-1.1-1.el9_4.1.noarch.rpm 0c297c1f24f27bad5443c416d74fc11a18f52a9345fa8dd99cc5213ff742f6fb
noarch booth-test-1.1-1.el9_4.1.noarch.rpm d657c58145373cce5ce31bc9d505a5008903c7dac20edd1d65c9815e66da06f2
noarch booth-arbitrator-1.1-1.el9_4.1.noarch.rpm ec139870243943e962cb2a16267b44079ec903af79930b62d30ce9037d0a8845
ppc64le booth-core-1.1-1.el9_4.1.ppc64le.rpm 28a02eedccf06e48b85b60004234ff4cd68a9268d2505a545cfa5c18d7891d44
ppc64le booth-1.1-1.el9_4.1.ppc64le.rpm a62f9d717bbbb1622b8a12c4a92f1eea588e3e00d7c5c2f723c9e66712dde856
s390x booth-1.1-1.el9_4.1.s390x.rpm 090c0660b0288dbaf3ea5801c368d5ac3218e84897f9851100ab4fe5a6123507
s390x booth-core-1.1-1.el9_4.1.s390x.rpm 781fe77790f129546da58195f198bf6a38d7d1ed33471caec9cecddf5f94e18a
x86_64 booth-core-1.1-1.el9_4.1.x86_64.rpm a4111a51fcc56c8c8301ba89890c3d458896a4d60ef80c4a554fd29546131853
x86_64 booth-1.1-1.el9_4.1.x86_64.rpm d93d508312181a0e497782ff9407e90326790c0123074a397089dd224eb60c4b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.