ALSA-2024:3659

Source
https://errata.almalinux.org/8/ALSA-2024-3659.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3659.json
JSON Data
https://api.test.osv.dev/v1/vulns/ALSA-2024:3659
Related
Published
2024-06-06T00:00:00Z
Modified
2024-06-11T12:24:50Z
Summary
Important: booth security update
Details

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time.

Security Fix(es):

  • booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / booth

Package

Name
booth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-1.el8_10.1

AlmaLinux:8 / booth-arbitrator

Package

Name
booth-arbitrator

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-1.el8_10.1

AlmaLinux:8 / booth-core

Package

Name
booth-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-1.el8_10.1

AlmaLinux:8 / booth-site

Package

Name
booth-site

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-1.el8_10.1

AlmaLinux:8 / booth-test

Package

Name
booth-test

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-1.el8_10.1