Red Hat Product Errata RHSA-2024:3658 - Security Advisory
Issued:
2024-06-06
Updated:
2024-06-06

RHSA-2024:3658 - Security Advisory

Synopsis

Important: booth security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for booth is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time.

Security Fix(es):

  • booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.8 x86_64
  • Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.8 x86_64

Fixes

  • BZ - 2272082 - CVE-2024-3049 booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server

Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 8.8

SRPM
booth-1.0-283.1.9d4029a.git.el8_8.1.src.rpm SHA-256: eb7e73791f57c21ba375c24dfdb0e26455bc5132b2da135b0e445f0a8c0995b0
x86_64
booth-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: af02efd751d05ad88c4c44f88b273644fa8d659a4d302e779090a4d81359c3a8
booth-arbitrator-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: d127237cac5ecc4b909422c3fd94e2022a0ff1b7f57964e37a312f42169414bb
booth-core-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: 42cf860e900edcdc1b9bfe1b388b5ece9a44fc750d02877f89febdaf4b7b94e1
booth-core-debuginfo-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: f402cce19165c0496c707117cd0223e3d2fe456abb18ae00f856a07b7343235b
booth-debugsource-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: b731b1e8b7787729e30a48d440b4a8ff467df436060b4a5b718acae8b743f6f6
booth-site-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 82bb99b670d39c2bff4b316d4bd8682f59a078e6a9c540afade9b3f3f073bd74
booth-test-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 5f4250fca3d6b483fed541b9054ea8d31caca3622baa9103369fc260a5e64e1d

Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 8.8

SRPM
booth-1.0-283.1.9d4029a.git.el8_8.1.src.rpm SHA-256: eb7e73791f57c21ba375c24dfdb0e26455bc5132b2da135b0e445f0a8c0995b0
x86_64
booth-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: af02efd751d05ad88c4c44f88b273644fa8d659a4d302e779090a4d81359c3a8
booth-arbitrator-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: d127237cac5ecc4b909422c3fd94e2022a0ff1b7f57964e37a312f42169414bb
booth-core-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: 42cf860e900edcdc1b9bfe1b388b5ece9a44fc750d02877f89febdaf4b7b94e1
booth-core-debuginfo-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: f402cce19165c0496c707117cd0223e3d2fe456abb18ae00f856a07b7343235b
booth-debugsource-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: b731b1e8b7787729e30a48d440b4a8ff467df436060b4a5b718acae8b743f6f6
booth-site-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 82bb99b670d39c2bff4b316d4bd8682f59a078e6a9c540afade9b3f3f073bd74
booth-test-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 5f4250fca3d6b483fed541b9054ea8d31caca3622baa9103369fc260a5e64e1d

Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 8.8

SRPM
booth-1.0-283.1.9d4029a.git.el8_8.1.src.rpm SHA-256: eb7e73791f57c21ba375c24dfdb0e26455bc5132b2da135b0e445f0a8c0995b0
ppc64le
booth-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: 050993a59e8323aabd52513f6bd519e74c1fb317685900d034157c19069eb77f
booth-arbitrator-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: d127237cac5ecc4b909422c3fd94e2022a0ff1b7f57964e37a312f42169414bb
booth-core-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: b55aed00a3119da36d27b9e301397ae5fd002eb9dbd8403740b2f4ca5a3591a6
booth-core-debuginfo-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: 523eec2d2c52e11056e1f682cc0fa5eacf9a015aaf3cd93b8911e4981cfe3adc
booth-debugsource-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: 9dc084a9f1e40e738690502bb82e8d4c3192f966380fc6feb22c493a3d3fd63b
booth-site-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 82bb99b670d39c2bff4b316d4bd8682f59a078e6a9c540afade9b3f3f073bd74
booth-test-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 5f4250fca3d6b483fed541b9054ea8d31caca3622baa9103369fc260a5e64e1d

Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 8.8

SRPM
booth-1.0-283.1.9d4029a.git.el8_8.1.src.rpm SHA-256: eb7e73791f57c21ba375c24dfdb0e26455bc5132b2da135b0e445f0a8c0995b0
ppc64le
booth-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: 050993a59e8323aabd52513f6bd519e74c1fb317685900d034157c19069eb77f
booth-arbitrator-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: d127237cac5ecc4b909422c3fd94e2022a0ff1b7f57964e37a312f42169414bb
booth-core-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: b55aed00a3119da36d27b9e301397ae5fd002eb9dbd8403740b2f4ca5a3591a6
booth-core-debuginfo-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: 523eec2d2c52e11056e1f682cc0fa5eacf9a015aaf3cd93b8911e4981cfe3adc
booth-debugsource-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: 9dc084a9f1e40e738690502bb82e8d4c3192f966380fc6feb22c493a3d3fd63b
booth-site-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 82bb99b670d39c2bff4b316d4bd8682f59a078e6a9c540afade9b3f3f073bd74
booth-test-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 5f4250fca3d6b483fed541b9054ea8d31caca3622baa9103369fc260a5e64e1d

Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.8

SRPM
booth-1.0-283.1.9d4029a.git.el8_8.1.src.rpm SHA-256: eb7e73791f57c21ba375c24dfdb0e26455bc5132b2da135b0e445f0a8c0995b0
ppc64le
booth-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: 050993a59e8323aabd52513f6bd519e74c1fb317685900d034157c19069eb77f
booth-arbitrator-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: d127237cac5ecc4b909422c3fd94e2022a0ff1b7f57964e37a312f42169414bb
booth-core-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: b55aed00a3119da36d27b9e301397ae5fd002eb9dbd8403740b2f4ca5a3591a6
booth-core-debuginfo-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: 523eec2d2c52e11056e1f682cc0fa5eacf9a015aaf3cd93b8911e4981cfe3adc
booth-debugsource-1.0-283.1.9d4029a.git.el8_8.1.ppc64le.rpm SHA-256: 9dc084a9f1e40e738690502bb82e8d4c3192f966380fc6feb22c493a3d3fd63b
booth-site-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 82bb99b670d39c2bff4b316d4bd8682f59a078e6a9c540afade9b3f3f073bd74
booth-test-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 5f4250fca3d6b483fed541b9054ea8d31caca3622baa9103369fc260a5e64e1d

Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.8

SRPM
booth-1.0-283.1.9d4029a.git.el8_8.1.src.rpm SHA-256: eb7e73791f57c21ba375c24dfdb0e26455bc5132b2da135b0e445f0a8c0995b0
x86_64
booth-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: af02efd751d05ad88c4c44f88b273644fa8d659a4d302e779090a4d81359c3a8
booth-arbitrator-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: d127237cac5ecc4b909422c3fd94e2022a0ff1b7f57964e37a312f42169414bb
booth-core-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: 42cf860e900edcdc1b9bfe1b388b5ece9a44fc750d02877f89febdaf4b7b94e1
booth-core-debuginfo-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: f402cce19165c0496c707117cd0223e3d2fe456abb18ae00f856a07b7343235b
booth-debugsource-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: b731b1e8b7787729e30a48d440b4a8ff467df436060b4a5b718acae8b743f6f6
booth-site-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 82bb99b670d39c2bff4b316d4bd8682f59a078e6a9c540afade9b3f3f073bd74
booth-test-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 5f4250fca3d6b483fed541b9054ea8d31caca3622baa9103369fc260a5e64e1d

Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 8.8

SRPM
booth-1.0-283.1.9d4029a.git.el8_8.1.src.rpm SHA-256: eb7e73791f57c21ba375c24dfdb0e26455bc5132b2da135b0e445f0a8c0995b0
s390x
booth-1.0-283.1.9d4029a.git.el8_8.1.s390x.rpm SHA-256: 65cdc10aa2fb6f5d41db4152a22c338c2e5fc42d36a8bc2da208a9619c9f9e39
booth-arbitrator-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: d127237cac5ecc4b909422c3fd94e2022a0ff1b7f57964e37a312f42169414bb
booth-core-1.0-283.1.9d4029a.git.el8_8.1.s390x.rpm SHA-256: 469ac4c291e0147720a363061d3ba47a6d783eb9b04f5694b8a81a334fac24ac
booth-core-debuginfo-1.0-283.1.9d4029a.git.el8_8.1.s390x.rpm SHA-256: 0ca90cae9668e0ee29906a08fc0357632f46fbeed0ae14b0310c7c7c81a311fe
booth-debugsource-1.0-283.1.9d4029a.git.el8_8.1.s390x.rpm SHA-256: a2a96863751c584edb4c9ea9e7d68180c26f8ca878b38ccedb6d208949e23c48
booth-site-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 82bb99b670d39c2bff4b316d4bd8682f59a078e6a9c540afade9b3f3f073bd74
booth-test-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 5f4250fca3d6b483fed541b9054ea8d31caca3622baa9103369fc260a5e64e1d

Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 8.8

SRPM
booth-1.0-283.1.9d4029a.git.el8_8.1.src.rpm SHA-256: eb7e73791f57c21ba375c24dfdb0e26455bc5132b2da135b0e445f0a8c0995b0
aarch64
booth-1.0-283.1.9d4029a.git.el8_8.1.aarch64.rpm SHA-256: 6e96e216364f90e414224631ac7033a71e7dc1e82835b338f6112c1d1d7f81a1
booth-arbitrator-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: d127237cac5ecc4b909422c3fd94e2022a0ff1b7f57964e37a312f42169414bb
booth-core-1.0-283.1.9d4029a.git.el8_8.1.aarch64.rpm SHA-256: ae44cc00356ec0d4b8c42340e966e196feea617faa1d3c9da8769fdd05ebbff7
booth-core-debuginfo-1.0-283.1.9d4029a.git.el8_8.1.aarch64.rpm SHA-256: a3e4d3869af097ef3b25ac4b5aa9eae60bb8ad23be1bfe7b4e108f8ce40a91e1
booth-debugsource-1.0-283.1.9d4029a.git.el8_8.1.aarch64.rpm SHA-256: 9c0b4d47d03cb4f2e8abec73c6a7930084c97cdb38ed220d8e606c0a556a5e32
booth-site-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 82bb99b670d39c2bff4b316d4bd8682f59a078e6a9c540afade9b3f3f073bd74
booth-test-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 5f4250fca3d6b483fed541b9054ea8d31caca3622baa9103369fc260a5e64e1d

Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 8.8

SRPM
booth-1.0-283.1.9d4029a.git.el8_8.1.src.rpm SHA-256: eb7e73791f57c21ba375c24dfdb0e26455bc5132b2da135b0e445f0a8c0995b0
s390x
booth-1.0-283.1.9d4029a.git.el8_8.1.s390x.rpm SHA-256: 65cdc10aa2fb6f5d41db4152a22c338c2e5fc42d36a8bc2da208a9619c9f9e39
booth-arbitrator-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: d127237cac5ecc4b909422c3fd94e2022a0ff1b7f57964e37a312f42169414bb
booth-core-1.0-283.1.9d4029a.git.el8_8.1.s390x.rpm SHA-256: 469ac4c291e0147720a363061d3ba47a6d783eb9b04f5694b8a81a334fac24ac
booth-core-debuginfo-1.0-283.1.9d4029a.git.el8_8.1.s390x.rpm SHA-256: 0ca90cae9668e0ee29906a08fc0357632f46fbeed0ae14b0310c7c7c81a311fe
booth-debugsource-1.0-283.1.9d4029a.git.el8_8.1.s390x.rpm SHA-256: a2a96863751c584edb4c9ea9e7d68180c26f8ca878b38ccedb6d208949e23c48
booth-site-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 82bb99b670d39c2bff4b316d4bd8682f59a078e6a9c540afade9b3f3f073bd74
booth-test-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 5f4250fca3d6b483fed541b9054ea8d31caca3622baa9103369fc260a5e64e1d

Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.8

SRPM
booth-1.0-283.1.9d4029a.git.el8_8.1.src.rpm SHA-256: eb7e73791f57c21ba375c24dfdb0e26455bc5132b2da135b0e445f0a8c0995b0
x86_64
booth-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: af02efd751d05ad88c4c44f88b273644fa8d659a4d302e779090a4d81359c3a8
booth-arbitrator-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: d127237cac5ecc4b909422c3fd94e2022a0ff1b7f57964e37a312f42169414bb
booth-core-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: 42cf860e900edcdc1b9bfe1b388b5ece9a44fc750d02877f89febdaf4b7b94e1
booth-core-debuginfo-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: f402cce19165c0496c707117cd0223e3d2fe456abb18ae00f856a07b7343235b
booth-debugsource-1.0-283.1.9d4029a.git.el8_8.1.x86_64.rpm SHA-256: b731b1e8b7787729e30a48d440b4a8ff467df436060b4a5b718acae8b743f6f6
booth-site-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 82bb99b670d39c2bff4b316d4bd8682f59a078e6a9c540afade9b3f3f073bd74
booth-test-1.0-283.1.9d4029a.git.el8_8.1.noarch.rpm SHA-256: 5f4250fca3d6b483fed541b9054ea8d31caca3622baa9103369fc260a5e64e1d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.