ALSA-2024:3661

Source
https://errata.almalinux.org/9/ALSA-2024-3661.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:3661.json
JSON Data
https://api.test.osv.dev/v1/vulns/ALSA-2024:3661
Related
Published
2024-06-06T00:00:00Z
Modified
2024-06-11T12:22:44Z
Summary
Important: booth security update
Details

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time.

Security Fix(es):

  • booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / booth

Package

Name
booth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-1.el9_4.1

AlmaLinux:9 / booth-arbitrator

Package

Name
booth-arbitrator

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-1.el9_4.1

AlmaLinux:9 / booth-core

Package

Name
booth-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-1.el9_4.1

AlmaLinux:9 / booth-site

Package

Name
booth-site

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-1.el9_4.1

AlmaLinux:9 / booth-test

Package

Name
booth-test

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1-1.el9_4.1