booth-1.1-1.el9_4.1

エラータID: AXSA:2024-8153:02

Release date: 
Friday, June 14, 2024 - 16:57
Subject: 
booth-1.1-1.el9_4.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time.

Security Fix(es):

* booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-3049
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

Solution: 

Update packages.

CVEs: 
CVE-2024-3049
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Additional Info: 

N/A

Download: 

SRPMS
  1. booth-1.1-1.el9_4.1.src.rpm
    MD5: c455014303a26b24c88fb0df253320ad
    SHA-256: 1a64f3748c1c9350b90144619b44cbb24f39aff48ac8f44d7852e0bfac529d86
    Size: 366.29 kB

Asianux Server 9 for x86_64
  1. booth-1.1-1.el9_4.1.x86_64.rpm
    MD5: e33efbfb0705432aacf7d326a45295c2
    SHA-256: ff7d5b832d83208357ff406a3e461083462eed0702df970715cfac7b75fb2c72
    Size: 14.98 kB
  2. booth-arbitrator-1.1-1.el9_4.1.noarch.rpm
    MD5: 2df57c5bb0ad2ba8a808f39f7beacd82
    SHA-256: e6ca493468fa080f58a8c15f9fc67cb333de26a995d47919b81340d4056459db
    Size: 9.22 kB
  3. booth-core-1.1-1.el9_4.1.x86_64.rpm
    MD5: 68499a01006bf07f48ee07d9a42089c0
    SHA-256: 6b06f61eea0da42ae77d4062c3200968a431acf4b5f6942700d1e2d5cbea3db0
    Size: 151.51 kB
  4. booth-site-1.1-1.el9_4.1.noarch.rpm
    MD5: 3e93ec218a67ad4cf3bd969b74a8a0d7
    SHA-256: d7ecc397057c75ceebee275de67fb638f2e3f600056adce5570a73fdad78f9d3
    Size: 15.41 kB
  5. booth-test-1.1-1.el9_4.1.noarch.rpm
    MD5: e4ef44fa2f73172625d310fd5fa364fc
    SHA-256: bf4b3cfb1203ec47929a7c2a13b24f184f1b7559049e720eddbb4beab78e930a
    Size: 60.87 kB