booth-1.0-199.1.ac1d34c.git.el8.1

エラータID: AXSA:2022-3841:01

Release date: 
Wednesday, September 14, 2022 - 10:03
Subject: 
booth-1.0-199.1.ac1d34c.git.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The Booth cluster ticket manager is a component to bridge high availability
clusters spanning multiple sites, in particular, to provide decision inputs to
local Pacemaker cluster resource managers. It operates as a distributed
consensus-based service, presumably on a separate physical network. Tickets
facilitated by a Booth formation are the units of authorization that can be
bound to certain resources. This will ensure that the resources are run at only
one (granted) site at a time.

Security Fix(es):

booth: authfile directive in booth config file is completely ignored.
(CVE-2022-2553)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2022-2553
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

Solution: 

Update packages.

CVEs: 
CVE-2022-2553
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
Additional Info: 

N/A

Download: 

SRPMS
  1. booth-1.0-199.1.ac1d34c.git.el8.1.src.rpm
    MD5: aa3fd806014ed805b8afde06f07b3578
    SHA-256: 9100e4f0369b07ec499bbb86aba9a507582e003b476066fb31529f0da80c71a2
    Size: 159.91 kB

Asianux Server 8 for x86_64
  1. booth-1.0-199.1.ac1d34c.git.el8.1.x86_64.rpm
    MD5: dad8473bd06cb365245cf268c99a2d25
    SHA-256: 72a61acac15fa8f4d119d637ba75a77d17d60176f1468baaaab02470babde966
    Size: 9.27 kB
  2. booth-arbitrator-1.0-199.1.ac1d34c.git.el8.1.noarch.rpm
    MD5: 529adf8a1d3838b71186532167eac9e7
    SHA-256: ce2dde2ef160f09e7e199e476b4904d54cb179adc4381c20a4f71ed9917469c8
    Size: 10.92 kB
  3. booth-core-1.0-199.1.ac1d34c.git.el8.1.x86_64.rpm
    MD5: ac201e4239d3d67f64fcc11ee38fe17d
    SHA-256: 7ae96ec038e9be80f973da12e937b200255459b1f5ab5b90406884d843c9f49c
    Size: 106.90 kB
  4. booth-site-1.0-199.1.ac1d34c.git.el8.1.noarch.rpm
    MD5: b696d2d15b210e838a8a648f56a884bc
    SHA-256: a96598eb9fa3c1664ae21a104e04528e12901abc878adb40428f94772bb29bd9
    Size: 17.28 kB
  5. booth-test-1.0-199.1.ac1d34c.git.el8.1.noarch.rpm
    MD5: 5f2bfe7dc4aa6fe9d239a9bf1cd5d1d8
    SHA-256: 49a5ee8b5dad81bd670304a91b03bdad4f9652fdf310adbd00974d293fe99996
    Size: 69.17 kB