RLSA-2024:3659

Source
https://errata.rockylinux.org/RLSA-2024:3659
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2024:3659.json
JSON Data
https://api.test.osv.dev/v1/vulns/RLSA-2024:3659
Related
Published
2024-06-14T13:59:33.077645Z
Modified
2024-06-14T14:02:42.454518Z
Summary
Important: booth security update
Details

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time.

Security Fix(es):

  • booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / booth

Package

Name
booth
Purl
pkg:rpm/rocky-linux/booth?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.1-1.el8_10.1