booth-1.1-1.el8_10.1

エラータID: AXSA:2024-8489:04

Release date: 
Friday, June 28, 2024 - 15:27
Subject: 
booth-1.1-1.el8_10.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The Booth cluster ticket manager is a component to bridge high availability
clusters spanning multiple sites, in particular, to provide decision inputs to
local Pacemaker cluster resource managers. It operates as a distributed
consensus-based service, presumably on a separate physical network. Tickets
facilitated by a Booth formation are the units of authorization that can be
bound to certain resources. This will ensure that the resources are run at only
one (granted) site at a time.

Security Fix(es):

* booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-3049
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

Solution: 

Update packages.

CVEs: 
CVE-2024-3049
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Additional Info: 

N/A

Download: 

SRPMS
  1. booth-1.1-1.el8_10.1.src.rpm
    MD5: 135df8832682524385946caa23c45ab1
    SHA-256: eb21d4cfce9728673f7e08c985bbbdacce9fdf1001638da54aaae7a670642c5b
    Size: 367.88 kB

Asianux Server 8 for x86_64
  1. booth-1.1-1.el8_10.1.x86_64.rpm
    MD5: b6dab3941eba8d146d0f72cc9e263289
    SHA-256: d9532f96ae2e07c13e02195005dc1b765d8fa416e57e2fa408a21979cea77082
    Size: 17.47 kB
  2. booth-arbitrator-1.1-1.el8_10.1.noarch.rpm
    MD5: 64fc226486d17e33c00b3aab79a3791f
    SHA-256: a90b4c491dd61d4dc5012b1567261d875c3b0ac166e223f223a2b9eb79484e9e
    Size: 11.36 kB
  3. booth-core-1.1-1.el8_10.1.x86_64.rpm
    MD5: 6af689c78b20bfa474a89d1ed2bced69
    SHA-256: d3e1b1bec935c0f479d1437cf289d35628ebc096393d6baa776551bbc44e3739
    Size: 149.54 kB
  4. booth-site-1.1-1.el8_10.1.noarch.rpm
    MD5: 058ffe651df735eceaf31763f90cdc78
    SHA-256: 73b2c52e617cb055dfc43052d7b74d05123326e39af4319884553c779927f19b
    Size: 17.77 kB
  5. booth-test-1.1-1.el8_10.1.noarch.rpm
    MD5: cbd03517005a187733d5bc5ed56f9567
    SHA-256: cb94e6113c21c7404c3b87d3606269c68358b34407917a37bb0168738c10d029
    Size: 70.38 kB