Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2024:3659 - Security Advisory
Issued:
2024-06-06
Updated:
2024-06-06

RHSA-2024:3659 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: booth security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for booth is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

The Booth cluster ticket manager is a component to bridge high availability
clusters spanning multiple sites, in particular, to provide decision inputs to
local Pacemaker cluster resource managers. It operates as a distributed
consensus-based service, presumably on a separate physical network. Tickets
facilitated by a Booth formation are the units of authorization that can be
bound to certain resources. This will ensure that the resources are run at only
one (granted) site at a time.

Security Fix(es):

  • booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux High Availability for x86_64 8 x86_64
  • Red Hat Enterprise Linux High Availability for ARM 64 8 aarch64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 8 x86_64
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux High Availability for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux Resilient Storage for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux High Availability for Power, little endian 8 ppc64le

Fixes

  • BZ - 2272082 - CVE-2024-3049 booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server

CVEs

  • CVE-2024-3049

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux High Availability for x86_64 8

SRPM
booth-1.1-1.el8_10.1.src.rpm SHA-256: e6269570ede947eef3f36290fef46d014d28a96d3166b9d071eb960250157655
x86_64
booth-1.1-1.el8_10.1.x86_64.rpm SHA-256: a83f6c01bf5caf0bfb042c50c2d1b03d1f1d4b75866008280232c02d6f5ac2bb
booth-arbitrator-1.1-1.el8_10.1.noarch.rpm SHA-256: 4e9f0b61e454a64ca34a4ca2153d5f7e15aebc90043d9edd936ab67129f72228
booth-core-1.1-1.el8_10.1.x86_64.rpm SHA-256: a1d9acc7e5b62fa1f1b9792016ac77383903ec32c812c3f52b3c80a93c3333e0
booth-core-debuginfo-1.1-1.el8_10.1.x86_64.rpm SHA-256: 66d20251c3a1c59cbe23d520b974b1963125e92522602f879275ac65a295c907
booth-debugsource-1.1-1.el8_10.1.x86_64.rpm SHA-256: 7dbf2952cbd6655aeddef3a092e363e5bfa4d1743e50574f28bb655612ea72c3
booth-site-1.1-1.el8_10.1.noarch.rpm SHA-256: 45086210dff73ebd932fc3c83a0eda02e6f5d592e62abe252931f49d29f94976
booth-test-1.1-1.el8_10.1.noarch.rpm SHA-256: 3324c587399c0dcdc543a8216490c9f819bbcd1091c6fd9e898dac8341b0aac7

Red Hat Enterprise Linux High Availability for ARM 64 8

SRPM
booth-1.1-1.el8_10.1.src.rpm SHA-256: e6269570ede947eef3f36290fef46d014d28a96d3166b9d071eb960250157655
aarch64
booth-1.1-1.el8_10.1.aarch64.rpm SHA-256: af0dcef470d876ef4b67be673cf8b9ee49ffe77cd95bfa437a06eee9f575afe1
booth-arbitrator-1.1-1.el8_10.1.noarch.rpm SHA-256: 4e9f0b61e454a64ca34a4ca2153d5f7e15aebc90043d9edd936ab67129f72228
booth-core-1.1-1.el8_10.1.aarch64.rpm SHA-256: f153cc63471c4c937857911482a433bc841d34d535e6a818bd2cd7d3809ed7d2
booth-core-debuginfo-1.1-1.el8_10.1.aarch64.rpm SHA-256: 070826bfef930adb668ce798a4c20dfeb9ff2ab3fc5671bee6ec46ea3a4e8ee4
booth-debugsource-1.1-1.el8_10.1.aarch64.rpm SHA-256: 17a0b54593c0d8051a89caf61c06cf77a193320def82391861b37b3f8e6dd4f7
booth-site-1.1-1.el8_10.1.noarch.rpm SHA-256: 45086210dff73ebd932fc3c83a0eda02e6f5d592e62abe252931f49d29f94976
booth-test-1.1-1.el8_10.1.noarch.rpm SHA-256: 3324c587399c0dcdc543a8216490c9f819bbcd1091c6fd9e898dac8341b0aac7

Red Hat Enterprise Linux Resilient Storage for x86_64 8

SRPM
booth-1.1-1.el8_10.1.src.rpm SHA-256: e6269570ede947eef3f36290fef46d014d28a96d3166b9d071eb960250157655
x86_64
booth-1.1-1.el8_10.1.x86_64.rpm SHA-256: a83f6c01bf5caf0bfb042c50c2d1b03d1f1d4b75866008280232c02d6f5ac2bb
booth-arbitrator-1.1-1.el8_10.1.noarch.rpm SHA-256: 4e9f0b61e454a64ca34a4ca2153d5f7e15aebc90043d9edd936ab67129f72228
booth-core-1.1-1.el8_10.1.x86_64.rpm SHA-256: a1d9acc7e5b62fa1f1b9792016ac77383903ec32c812c3f52b3c80a93c3333e0
booth-core-debuginfo-1.1-1.el8_10.1.x86_64.rpm SHA-256: 66d20251c3a1c59cbe23d520b974b1963125e92522602f879275ac65a295c907
booth-debugsource-1.1-1.el8_10.1.x86_64.rpm SHA-256: 7dbf2952cbd6655aeddef3a092e363e5bfa4d1743e50574f28bb655612ea72c3
booth-site-1.1-1.el8_10.1.noarch.rpm SHA-256: 45086210dff73ebd932fc3c83a0eda02e6f5d592e62abe252931f49d29f94976
booth-test-1.1-1.el8_10.1.noarch.rpm SHA-256: 3324c587399c0dcdc543a8216490c9f819bbcd1091c6fd9e898dac8341b0aac7

Red Hat Enterprise Linux Resilient Storage for IBM z Systems 8

SRPM
booth-1.1-1.el8_10.1.src.rpm SHA-256: e6269570ede947eef3f36290fef46d014d28a96d3166b9d071eb960250157655
s390x
booth-1.1-1.el8_10.1.s390x.rpm SHA-256: b4f531a9a3e366b1f0c98b22a7a891b6e5cf9ad196658cfda610c479fe0a0988
booth-arbitrator-1.1-1.el8_10.1.noarch.rpm SHA-256: 4e9f0b61e454a64ca34a4ca2153d5f7e15aebc90043d9edd936ab67129f72228
booth-core-1.1-1.el8_10.1.s390x.rpm SHA-256: 83a7b394c24d4ef4b5e03cd90644a71172fa49608008cf1a5effd301626b89dc
booth-core-debuginfo-1.1-1.el8_10.1.s390x.rpm SHA-256: ee8e5968183ec8044c102565532a110bf02a5c0cbb03398a5768d0d8f82a13ce
booth-debugsource-1.1-1.el8_10.1.s390x.rpm SHA-256: 71a6568fbf0c9e533661bd431bb402cc84b5a9e9acfcb392d606997173312da7
booth-site-1.1-1.el8_10.1.noarch.rpm SHA-256: 45086210dff73ebd932fc3c83a0eda02e6f5d592e62abe252931f49d29f94976
booth-test-1.1-1.el8_10.1.noarch.rpm SHA-256: 3324c587399c0dcdc543a8216490c9f819bbcd1091c6fd9e898dac8341b0aac7

Red Hat Enterprise Linux High Availability for IBM z Systems 8

SRPM
booth-1.1-1.el8_10.1.src.rpm SHA-256: e6269570ede947eef3f36290fef46d014d28a96d3166b9d071eb960250157655
s390x
booth-1.1-1.el8_10.1.s390x.rpm SHA-256: b4f531a9a3e366b1f0c98b22a7a891b6e5cf9ad196658cfda610c479fe0a0988
booth-arbitrator-1.1-1.el8_10.1.noarch.rpm SHA-256: 4e9f0b61e454a64ca34a4ca2153d5f7e15aebc90043d9edd936ab67129f72228
booth-core-1.1-1.el8_10.1.s390x.rpm SHA-256: 83a7b394c24d4ef4b5e03cd90644a71172fa49608008cf1a5effd301626b89dc
booth-core-debuginfo-1.1-1.el8_10.1.s390x.rpm SHA-256: ee8e5968183ec8044c102565532a110bf02a5c0cbb03398a5768d0d8f82a13ce
booth-debugsource-1.1-1.el8_10.1.s390x.rpm SHA-256: 71a6568fbf0c9e533661bd431bb402cc84b5a9e9acfcb392d606997173312da7
booth-site-1.1-1.el8_10.1.noarch.rpm SHA-256: 45086210dff73ebd932fc3c83a0eda02e6f5d592e62abe252931f49d29f94976
booth-test-1.1-1.el8_10.1.noarch.rpm SHA-256: 3324c587399c0dcdc543a8216490c9f819bbcd1091c6fd9e898dac8341b0aac7

Red Hat Enterprise Linux Resilient Storage for Power, little endian 8

SRPM
booth-1.1-1.el8_10.1.src.rpm SHA-256: e6269570ede947eef3f36290fef46d014d28a96d3166b9d071eb960250157655
ppc64le
booth-1.1-1.el8_10.1.ppc64le.rpm SHA-256: fe729945914ca70275519be3d2bb2e6b548a4337a9cf7f062b7e2dd173f1428e
booth-arbitrator-1.1-1.el8_10.1.noarch.rpm SHA-256: 4e9f0b61e454a64ca34a4ca2153d5f7e15aebc90043d9edd936ab67129f72228
booth-core-1.1-1.el8_10.1.ppc64le.rpm SHA-256: 567e7280ccf65c7a3e9cf54b3cf0585058e7c3bd3066365afaa0450ac520f0db
booth-core-debuginfo-1.1-1.el8_10.1.ppc64le.rpm SHA-256: 4cd6e899ecbb7a3fa45028eb87e3779860e23b3658737ec08cfcb17ecc701860
booth-debugsource-1.1-1.el8_10.1.ppc64le.rpm SHA-256: de2fd2154e849f40210c318ee852035e8cbffa8258180296df1e1de3dc3db526
booth-site-1.1-1.el8_10.1.noarch.rpm SHA-256: 45086210dff73ebd932fc3c83a0eda02e6f5d592e62abe252931f49d29f94976
booth-test-1.1-1.el8_10.1.noarch.rpm SHA-256: 3324c587399c0dcdc543a8216490c9f819bbcd1091c6fd9e898dac8341b0aac7

Red Hat Enterprise Linux High Availability for Power, little endian 8

SRPM
booth-1.1-1.el8_10.1.src.rpm SHA-256: e6269570ede947eef3f36290fef46d014d28a96d3166b9d071eb960250157655
ppc64le
booth-1.1-1.el8_10.1.ppc64le.rpm SHA-256: fe729945914ca70275519be3d2bb2e6b548a4337a9cf7f062b7e2dd173f1428e
booth-arbitrator-1.1-1.el8_10.1.noarch.rpm SHA-256: 4e9f0b61e454a64ca34a4ca2153d5f7e15aebc90043d9edd936ab67129f72228
booth-core-1.1-1.el8_10.1.ppc64le.rpm SHA-256: 567e7280ccf65c7a3e9cf54b3cf0585058e7c3bd3066365afaa0450ac520f0db
booth-core-debuginfo-1.1-1.el8_10.1.ppc64le.rpm SHA-256: 4cd6e899ecbb7a3fa45028eb87e3779860e23b3658737ec08cfcb17ecc701860
booth-debugsource-1.1-1.el8_10.1.ppc64le.rpm SHA-256: de2fd2154e849f40210c318ee852035e8cbffa8258180296df1e1de3dc3db526
booth-site-1.1-1.el8_10.1.noarch.rpm SHA-256: 45086210dff73ebd932fc3c83a0eda02e6f5d592e62abe252931f49d29f94976
booth-test-1.1-1.el8_10.1.noarch.rpm SHA-256: 3324c587399c0dcdc543a8216490c9f819bbcd1091c6fd9e898dac8341b0aac7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility