{"id":"RLSA-2024:3661","summary":"Important: booth security update","details":"The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time.\n\nSecurity Fix(es):\n\n* booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-03-11T06:31:15.393859Z","published":"2024-06-14T14:00:41.081783Z","upstream":["CVE-2024-3049"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2024:3661"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272082"}],"affected":[{"package":{"name":"booth","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/booth?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1-1.el9_4.1"}],"database_specific":{"yum_repository":"HighAvailability"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3661.json"}}],"schema_version":"1.7.5","credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}