(RHSA-2024:3659) Important: booth security update

2024-06-0605:13:53

access.redhat.com

booth cluster

security update

distributed consensus-based service

high availability

pacemaker cluster

authorization

resource management

cve-2024-3049

cvss score

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

35.7%

JSON

The Booth cluster ticket manager is a component to bridge high availability
clusters spanning multiple sites, in particular, to provide decision inputs to
local Pacemaker cluster resource managers. It operates as a distributed
consensus-based service, presumably on a separate physical network. Tickets
facilitated by a Booth formation are the units of authorization that can be
bound to certain resources. This will ensure that the resources are run at only
one (granted) site at a time.

Security Fix(es):

booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64lebooth-core-debuginfo< 1.1-1.el8_10.1booth-core-debuginfo-1.1-1.el8_10.1.ppc64le.rpm
RedHat8noarchbooth-arbitrator< 1.1-1.el8_10.1booth-arbitrator-1.1-1.el8_10.1.noarch.rpm
RedHat8s390xbooth< 1.1-1.el8_10.1booth-1.1-1.el8_10.1.s390x.rpm
RedHat8x86_64booth-debugsource< 1.1-1.el8_10.1booth-debugsource-1.1-1.el8_10.1.x86_64.rpm
RedHat8noarchbooth-site< 1.1-1.el8_10.1booth-site-1.1-1.el8_10.1.noarch.rpm
RedHat8ppc64lebooth-core< 1.1-1.el8_10.1booth-core-1.1-1.el8_10.1.ppc64le.rpm
RedHat8aarch64booth-debugsource< 1.1-1.el8_10.1booth-debugsource-1.1-1.el8_10.1.aarch64.rpm
RedHat8s390xbooth-core-debuginfo< 1.1-1.el8_10.1booth-core-debuginfo-1.1-1.el8_10.1.s390x.rpm
RedHat8x86_64booth< 1.1-1.el8_10.1booth-1.1-1.el8_10.1.x86_64.rpm
RedHat8x86_64booth-core-debuginfo< 1.1-1.el8_10.1booth-core-debuginfo-1.1-1.el8_10.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	ppc64le	booth-core-debuginfo	< 1.1-1.el8_10.1	booth-core-debuginfo-1.1-1.el8_10.1.ppc64le.rpm
RedHat	8	noarch	booth-arbitrator	< 1.1-1.el8_10.1	booth-arbitrator-1.1-1.el8_10.1.noarch.rpm
RedHat	8	s390x	booth	< 1.1-1.el8_10.1	booth-1.1-1.el8_10.1.s390x.rpm
RedHat	8	x86_64	booth-debugsource	< 1.1-1.el8_10.1	booth-debugsource-1.1-1.el8_10.1.x86_64.rpm
RedHat	8	noarch	booth-site	< 1.1-1.el8_10.1	booth-site-1.1-1.el8_10.1.noarch.rpm
RedHat	8	ppc64le	booth-core	< 1.1-1.el8_10.1	booth-core-1.1-1.el8_10.1.ppc64le.rpm
RedHat	8	aarch64	booth-debugsource	< 1.1-1.el8_10.1	booth-debugsource-1.1-1.el8_10.1.aarch64.rpm
RedHat	8	s390x	booth-core-debuginfo	< 1.1-1.el8_10.1	booth-core-debuginfo-1.1-1.el8_10.1.s390x.rpm
RedHat	8	x86_64	booth	< 1.1-1.el8_10.1	booth-1.1-1.el8_10.1.x86_64.rpm
RedHat	8	x86_64	booth-core-debuginfo	< 1.1-1.el8_10.1	booth-core-debuginfo-1.1-1.el8_10.1.x86_64.rpm