Headline
RHSA-2022:6250: Red Hat Security Advisory: booth security update
An update for booth is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2553: booth: authfile directive in booth config file is completely ignored.
Synopsis
Moderate: booth security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for booth is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time.
Security Fix(es):
- booth: authfile directive in booth config file is completely ignored. (CVE-2022-2553)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.4 x86_64
- Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 2109251 - CVE-2022-2553 booth: authfile directive in booth config file is completely ignored.
Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 8.4
SRPM
booth-1.0-199.1.ac1d34c.git.el8_4.1.src.rpm
SHA-256: bcd07a6fa17714920ae1cc6ad97080b21f2bdec820bde8031193b3b86b9a3388
x86_64
booth-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: dd8fc33885a90ed79d7465354e9fe89a6e37fff43245ca46df11b0b4553a7ef2
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: 7eb6da0e6cb249b8319ed2925cffbb5bf7e2baa683b31aa7bd48218693129895
booth-core-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: 9a3b98b3f63c315bdd911ed3e65f5a5c6932d6d8004a8bfc9f03fa827f59b60a
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: c61a8362f29ccda97d07a4f46ca8d32cd3187038718d3438b67b24f0fb06830e
booth-debugsource-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: f561254726618bae4c79f77d9170d3d3499f0774200826c1be24e63626088ab8
booth-site-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: da8fbe541c480439a2aa0c442606bc5a7506af3d612190552a57608690d44199
booth-test-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: beca223eb9acd20714d0d50581031f896185fad649b23ac2227433d7534d78b1
Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 8.4
SRPM
booth-1.0-199.1.ac1d34c.git.el8_4.1.src.rpm
SHA-256: bcd07a6fa17714920ae1cc6ad97080b21f2bdec820bde8031193b3b86b9a3388
x86_64
booth-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: dd8fc33885a90ed79d7465354e9fe89a6e37fff43245ca46df11b0b4553a7ef2
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: 7eb6da0e6cb249b8319ed2925cffbb5bf7e2baa683b31aa7bd48218693129895
booth-core-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: 9a3b98b3f63c315bdd911ed3e65f5a5c6932d6d8004a8bfc9f03fa827f59b60a
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: c61a8362f29ccda97d07a4f46ca8d32cd3187038718d3438b67b24f0fb06830e
booth-debugsource-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: f561254726618bae4c79f77d9170d3d3499f0774200826c1be24e63626088ab8
booth-site-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: da8fbe541c480439a2aa0c442606bc5a7506af3d612190552a57608690d44199
booth-test-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: beca223eb9acd20714d0d50581031f896185fad649b23ac2227433d7534d78b1
Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 8.4
SRPM
booth-1.0-199.1.ac1d34c.git.el8_4.1.src.rpm
SHA-256: bcd07a6fa17714920ae1cc6ad97080b21f2bdec820bde8031193b3b86b9a3388
ppc64le
booth-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: f3a5ca5768178f874e358cd54fd1a2f0bdd8ffe531e886e94b6017e09826a089
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: 7eb6da0e6cb249b8319ed2925cffbb5bf7e2baa683b31aa7bd48218693129895
booth-core-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: c291889e8c5c7f514b1ac5415e9858e27a1eda14e0190e388fe483a1da52e652
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: fd21a4920e746c3b930b4597c4c1909edda22b39a27ed88c255b34473ec0055f
booth-debugsource-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: fbbaa356293f4d2502809c94a49a538e96b2200f59cd80251e2bad78a6c47b3d
booth-site-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: da8fbe541c480439a2aa0c442606bc5a7506af3d612190552a57608690d44199
booth-test-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: beca223eb9acd20714d0d50581031f896185fad649b23ac2227433d7534d78b1
Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 8.4
SRPM
booth-1.0-199.1.ac1d34c.git.el8_4.1.src.rpm
SHA-256: bcd07a6fa17714920ae1cc6ad97080b21f2bdec820bde8031193b3b86b9a3388
ppc64le
booth-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: f3a5ca5768178f874e358cd54fd1a2f0bdd8ffe531e886e94b6017e09826a089
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: 7eb6da0e6cb249b8319ed2925cffbb5bf7e2baa683b31aa7bd48218693129895
booth-core-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: c291889e8c5c7f514b1ac5415e9858e27a1eda14e0190e388fe483a1da52e652
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: fd21a4920e746c3b930b4597c4c1909edda22b39a27ed88c255b34473ec0055f
booth-debugsource-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: fbbaa356293f4d2502809c94a49a538e96b2200f59cd80251e2bad78a6c47b3d
booth-site-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: da8fbe541c480439a2aa0c442606bc5a7506af3d612190552a57608690d44199
booth-test-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: beca223eb9acd20714d0d50581031f896185fad649b23ac2227433d7534d78b1
Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.4
SRPM
booth-1.0-199.1.ac1d34c.git.el8_4.1.src.rpm
SHA-256: bcd07a6fa17714920ae1cc6ad97080b21f2bdec820bde8031193b3b86b9a3388
ppc64le
booth-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: f3a5ca5768178f874e358cd54fd1a2f0bdd8ffe531e886e94b6017e09826a089
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: 7eb6da0e6cb249b8319ed2925cffbb5bf7e2baa683b31aa7bd48218693129895
booth-core-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: c291889e8c5c7f514b1ac5415e9858e27a1eda14e0190e388fe483a1da52e652
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: fd21a4920e746c3b930b4597c4c1909edda22b39a27ed88c255b34473ec0055f
booth-debugsource-1.0-199.1.ac1d34c.git.el8_4.1.ppc64le.rpm
SHA-256: fbbaa356293f4d2502809c94a49a538e96b2200f59cd80251e2bad78a6c47b3d
booth-site-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: da8fbe541c480439a2aa0c442606bc5a7506af3d612190552a57608690d44199
booth-test-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: beca223eb9acd20714d0d50581031f896185fad649b23ac2227433d7534d78b1
Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.4
SRPM
booth-1.0-199.1.ac1d34c.git.el8_4.1.src.rpm
SHA-256: bcd07a6fa17714920ae1cc6ad97080b21f2bdec820bde8031193b3b86b9a3388
x86_64
booth-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: dd8fc33885a90ed79d7465354e9fe89a6e37fff43245ca46df11b0b4553a7ef2
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: 7eb6da0e6cb249b8319ed2925cffbb5bf7e2baa683b31aa7bd48218693129895
booth-core-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: 9a3b98b3f63c315bdd911ed3e65f5a5c6932d6d8004a8bfc9f03fa827f59b60a
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: c61a8362f29ccda97d07a4f46ca8d32cd3187038718d3438b67b24f0fb06830e
booth-debugsource-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: f561254726618bae4c79f77d9170d3d3499f0774200826c1be24e63626088ab8
booth-site-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: da8fbe541c480439a2aa0c442606bc5a7506af3d612190552a57608690d44199
booth-test-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: beca223eb9acd20714d0d50581031f896185fad649b23ac2227433d7534d78b1
Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 8.4
SRPM
booth-1.0-199.1.ac1d34c.git.el8_4.1.src.rpm
SHA-256: bcd07a6fa17714920ae1cc6ad97080b21f2bdec820bde8031193b3b86b9a3388
s390x
booth-1.0-199.1.ac1d34c.git.el8_4.1.s390x.rpm
SHA-256: ee3be7f72a4332e234f7786ba8cbfdb4b239b624acffe830b24303dc1854b671
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: 7eb6da0e6cb249b8319ed2925cffbb5bf7e2baa683b31aa7bd48218693129895
booth-core-1.0-199.1.ac1d34c.git.el8_4.1.s390x.rpm
SHA-256: 109b486323637229ed3391fc0e6fa06fd4ba1ec4466bf019cb928f20af8893d4
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_4.1.s390x.rpm
SHA-256: c6a38fd4420f95887ff2cd14c0b04870ff497486139f07e9c7c5e6551620d35e
booth-debugsource-1.0-199.1.ac1d34c.git.el8_4.1.s390x.rpm
SHA-256: 66f08ca3a8f8226d45f797a888c6e2cee8702ba2e88c2d9ac42f2678d56b56ae
booth-site-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: da8fbe541c480439a2aa0c442606bc5a7506af3d612190552a57608690d44199
booth-test-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: beca223eb9acd20714d0d50581031f896185fad649b23ac2227433d7534d78b1
Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 8.4
SRPM
booth-1.0-199.1.ac1d34c.git.el8_4.1.src.rpm
SHA-256: bcd07a6fa17714920ae1cc6ad97080b21f2bdec820bde8031193b3b86b9a3388
aarch64
booth-1.0-199.1.ac1d34c.git.el8_4.1.aarch64.rpm
SHA-256: 010b6699f2bd20357680ac25f2c1d0df68469c5d5bcbd97f91c623f5ffdbdd72
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: 7eb6da0e6cb249b8319ed2925cffbb5bf7e2baa683b31aa7bd48218693129895
booth-core-1.0-199.1.ac1d34c.git.el8_4.1.aarch64.rpm
SHA-256: 6e816c7ff8fe050ab9a2c07cad42d5b27c6b7d4d14862770e98dca53120990f3
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_4.1.aarch64.rpm
SHA-256: 8b9017863b298e29358c2d75c42138fafe2a05670a6b437615b8adb86e42b77e
booth-debugsource-1.0-199.1.ac1d34c.git.el8_4.1.aarch64.rpm
SHA-256: dc498603ec616572cf95671f8001bcf121477ee487a05169897dd070ae2e74ba
booth-site-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: da8fbe541c480439a2aa0c442606bc5a7506af3d612190552a57608690d44199
booth-test-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: beca223eb9acd20714d0d50581031f896185fad649b23ac2227433d7534d78b1
Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 8.4
SRPM
booth-1.0-199.1.ac1d34c.git.el8_4.1.src.rpm
SHA-256: bcd07a6fa17714920ae1cc6ad97080b21f2bdec820bde8031193b3b86b9a3388
s390x
booth-1.0-199.1.ac1d34c.git.el8_4.1.s390x.rpm
SHA-256: ee3be7f72a4332e234f7786ba8cbfdb4b239b624acffe830b24303dc1854b671
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: 7eb6da0e6cb249b8319ed2925cffbb5bf7e2baa683b31aa7bd48218693129895
booth-core-1.0-199.1.ac1d34c.git.el8_4.1.s390x.rpm
SHA-256: 109b486323637229ed3391fc0e6fa06fd4ba1ec4466bf019cb928f20af8893d4
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_4.1.s390x.rpm
SHA-256: c6a38fd4420f95887ff2cd14c0b04870ff497486139f07e9c7c5e6551620d35e
booth-debugsource-1.0-199.1.ac1d34c.git.el8_4.1.s390x.rpm
SHA-256: 66f08ca3a8f8226d45f797a888c6e2cee8702ba2e88c2d9ac42f2678d56b56ae
booth-site-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: da8fbe541c480439a2aa0c442606bc5a7506af3d612190552a57608690d44199
booth-test-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: beca223eb9acd20714d0d50581031f896185fad649b23ac2227433d7534d78b1
Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.4
SRPM
booth-1.0-199.1.ac1d34c.git.el8_4.1.src.rpm
SHA-256: bcd07a6fa17714920ae1cc6ad97080b21f2bdec820bde8031193b3b86b9a3388
x86_64
booth-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: dd8fc33885a90ed79d7465354e9fe89a6e37fff43245ca46df11b0b4553a7ef2
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: 7eb6da0e6cb249b8319ed2925cffbb5bf7e2baa683b31aa7bd48218693129895
booth-core-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: 9a3b98b3f63c315bdd911ed3e65f5a5c6932d6d8004a8bfc9f03fa827f59b60a
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: c61a8362f29ccda97d07a4f46ca8d32cd3187038718d3438b67b24f0fb06830e
booth-debugsource-1.0-199.1.ac1d34c.git.el8_4.1.x86_64.rpm
SHA-256: f561254726618bae4c79f77d9170d3d3499f0774200826c1be24e63626088ab8
booth-site-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: da8fbe541c480439a2aa0c442606bc5a7506af3d612190552a57608690d44199
booth-test-1.0-199.1.ac1d34c.git.el8_4.1.noarch.rpm
SHA-256: beca223eb9acd20714d0d50581031f896185fad649b23ac2227433d7534d78b1
Related news
Red Hat Security Advisory 2022-6580-01 - The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one site at a time.
An update for booth is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2553: booth: authfile directive in booth config file is completely ignored.
Red Hat Security Advisory 2022-6439-01 - The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one site at a time.
An update for booth is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2553: booth: authfile directive in booth config file is completely ignored.
Red Hat Security Advisory 2022-6250-01 - The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one site at a time.
Ubuntu Security Notice 5556-1 - It was discovered that Booth incorrectly handled user authentication. An attacker could use this vulnerability to cause a denial of service.
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.