{"id":"RLSA-2024:3659","summary":"Important: booth security update","details":"The Booth cluster ticket manager is a component to bridge high availability\nclusters spanning multiple sites, in particular, to provide decision inputs to\nlocal Pacemaker cluster resource managers. It operates as a distributed\nconsensus-based service, presumably on a separate physical network. Tickets\nfacilitated by a Booth formation are the units of authorization that can be\nbound to certain resources. This will ensure that the resources are run at only\none (granted) site at a time.\n\nSecurity Fix(es):\n\n* booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server  (CVE-2024-3049)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-04T15:15:06.711934Z","published":"2024-06-14T13:59:33.077645Z","upstream":["CVE-2024-3049"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2024:3659"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272082"}],"affected":[{"package":{"name":"booth","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/booth?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1-1.el8_10.1"}],"database_specific":{"yum_repository":"HighAvailability"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3659.json"}}],"schema_version":"1.7.3","credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}