Important: booth security update

2024-06-0600:00:00

errata.almalinux.org

booth

cluster ticket manager

high availability

security update

consensus-based service

distributed

authorization

pacemaker

resource managers

cve-2024-3049

cvss score

references

impact

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

35.2%

JSON

The Booth cluster ticket manager is a component to bridge high availability
clusters spanning multiple sites, in particular, to provide decision inputs to
local Pacemaker cluster resource managers. It operates as a distributed
consensus-based service, presumably on a separate physical network. Tickets
facilitated by a Booth formation are the units of authorization that can be
bound to certain resources. This will ensure that the resources are run at only
one (granted) site at a time.

Security Fix(es):

booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8noarchbooth-arbitrator< 1.1-1.el8_10.1booth-arbitrator-1.1-1.el8_10.1.noarch.rpm
almalinux8noarchbooth-site< 1.1-1.el8_10.1booth-site-1.1-1.el8_10.1.noarch.rpm
almalinux8noarchbooth-test< 1.1-1.el8_10.1booth-test-1.1-1.el8_10.1.noarch.rpm
almalinux8x86_64booth< 1.1-1.el8_10.1booth-1.1-1.el8_10.1.x86_64.rpm
almalinux8x86_64booth-core< 1.1-1.el8_10.1booth-core-1.1-1.el8_10.1.x86_64.rpm
almalinux8aarch64booth< 1.1-1.el8_10.1booth-1.1-1.el8_10.1.aarch64.rpm
almalinux8aarch64booth-core< 1.1-1.el8_10.1booth-core-1.1-1.el8_10.1.aarch64.rpm
almalinux8ppc64lebooth-core< 1.1-1.el8_10.1booth-core-1.1-1.el8_10.1.ppc64le.rpm
almalinux8ppc64lebooth< 1.1-1.el8_10.1booth-1.1-1.el8_10.1.ppc64le.rpm
almalinux8s390xbooth-core< 1.1-1.el8_10.1booth-core-1.1-1.el8_10.1.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	noarch	booth-arbitrator	< 1.1-1.el8_10.1	booth-arbitrator-1.1-1.el8_10.1.noarch.rpm
almalinux	8	noarch	booth-site	< 1.1-1.el8_10.1	booth-site-1.1-1.el8_10.1.noarch.rpm
almalinux	8	noarch	booth-test	< 1.1-1.el8_10.1	booth-test-1.1-1.el8_10.1.noarch.rpm
almalinux	8	x86_64	booth	< 1.1-1.el8_10.1	booth-1.1-1.el8_10.1.x86_64.rpm
almalinux	8	x86_64	booth-core	< 1.1-1.el8_10.1	booth-core-1.1-1.el8_10.1.x86_64.rpm
almalinux	8	aarch64	booth	< 1.1-1.el8_10.1	booth-1.1-1.el8_10.1.aarch64.rpm
almalinux	8	aarch64	booth-core	< 1.1-1.el8_10.1	booth-core-1.1-1.el8_10.1.aarch64.rpm
almalinux	8	ppc64le	booth-core	< 1.1-1.el8_10.1	booth-core-1.1-1.el8_10.1.ppc64le.rpm
almalinux	8	ppc64le	booth	< 1.1-1.el8_10.1	booth-1.1-1.el8_10.1.ppc64le.rpm
almalinux	8	s390x	booth-core	< 1.1-1.el8_10.1	booth-core-1.1-1.el8_10.1.s390x.rpm