booth security update

2024-06-1414:00:41

Rockylinux Product Errata

errata.rockylinux.org

rocky linux 9

specially crafted hash

cvss

pacemaker cluster

distributed consensus-based service

cve-2024-3049

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

35.1%

JSON

An update is available for booth.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time.

Security Fix(es):

booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky9aarch64booth< 1.1-1.el9_4.1booth-0:1.1-1.el9_4.1.aarch64.rpm
rocky9x86_64booth< 1.1-1.el9_4.1booth-0:1.1-1.el9_4.1.x86_64.rpm
rocky9noarchbooth-arbitrator< 1.1-1.el9_4.1booth-arbitrator-0:1.1-1.el9_4.1.noarch.rpm
rocky9aarch64booth-core< 1.1-1.el9_4.1booth-core-0:1.1-1.el9_4.1.aarch64.rpm
rocky9x86_64booth-core< 1.1-1.el9_4.1booth-core-0:1.1-1.el9_4.1.x86_64.rpm
rocky9aarch64booth-core-debuginfo< 1.1-1.el9_4.1booth-core-debuginfo-0:1.1-1.el9_4.1.aarch64.rpm
rocky9x86_64booth-core-debuginfo< 1.1-1.el9_4.1booth-core-debuginfo-0:1.1-1.el9_4.1.x86_64.rpm
rocky9aarch64booth-debugsource< 1.1-1.el9_4.1booth-debugsource-0:1.1-1.el9_4.1.aarch64.rpm
rocky9x86_64booth-debugsource< 1.1-1.el9_4.1booth-debugsource-0:1.1-1.el9_4.1.x86_64.rpm
rocky9noarchbooth-site< 1.1-1.el9_4.1booth-site-0:1.1-1.el9_4.1.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	9	aarch64	booth	< 1.1-1.el9_4.1	booth-0:1.1-1.el9_4.1.aarch64.rpm
rocky	9	x86_64	booth	< 1.1-1.el9_4.1	booth-0:1.1-1.el9_4.1.x86_64.rpm
rocky	9	noarch	booth-arbitrator	< 1.1-1.el9_4.1	booth-arbitrator-0:1.1-1.el9_4.1.noarch.rpm
rocky	9	aarch64	booth-core	< 1.1-1.el9_4.1	booth-core-0:1.1-1.el9_4.1.aarch64.rpm
rocky	9	x86_64	booth-core	< 1.1-1.el9_4.1	booth-core-0:1.1-1.el9_4.1.x86_64.rpm
rocky	9	aarch64	booth-core-debuginfo	< 1.1-1.el9_4.1	booth-core-debuginfo-0:1.1-1.el9_4.1.aarch64.rpm
rocky	9	x86_64	booth-core-debuginfo	< 1.1-1.el9_4.1	booth-core-debuginfo-0:1.1-1.el9_4.1.x86_64.rpm
rocky	9	aarch64	booth-debugsource	< 1.1-1.el9_4.1	booth-debugsource-0:1.1-1.el9_4.1.aarch64.rpm
rocky	9	x86_64	booth-debugsource	< 1.1-1.el9_4.1	booth-debugsource-0:1.1-1.el9_4.1.x86_64.rpm
rocky	9	noarch	booth-site	< 1.1-1.el9_4.1	booth-site-0:1.1-1.el9_4.1.noarch.rpm