SUSE-RU-2020:3950-1: moderate: Recommended update for openscap
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu Dec 31 13:14:52 MST 2020
SUSE Recommended Update: Recommended update for openscap
______________________________________________________________________________
Announcement ID: SUSE-RU-2020:3950-1
Rating: moderate
References: #1154380 #1155258 #1178301 #1180456
Affected Products:
SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________
An update that has four recommended fixes can now be
installed.
Description:
This update for openscap fixes the following issues:
OpenSCAP was updated to 1.3.4.
- add CPE dict entries for openSUSE Leap 15.1 and 15.2
- add dbus-1-devel buildrequires to enable systemd tests (bsc#1178301)
openscap 1.3.4:
* New features
- Add support for FreeBSD
- Make use of HTTP header content-encoding: gzip if available
- Improved yamlfilecontent: updated yaml-filter, extend the schema and
probe to be able to work with a set of values in maps
* Maintenance, bug fixes
- A lot of memory leaks have been plugged
- Refactored rpmverifyfile probe and fixed memory leak
- Fixed SEGFAULT caused by recursive and circular dependencies between
OVAL definitions
- Fixed DOM representation of the profile platform
- Test suit: better portability, more granularity in results,
inclusion of memory-related tests
- Compatibility with uClibc
- Local and remote file system detection method was improved
- Make the report a valid HTML5 document
- openscap: DISA STIG Viewer URL reference changed (bsc#1180456)
openscap 1.3.3:
Notable improvements in this release:
- a Python script that can be used for CLI tailoring (autotailor) (thank
you, MatÄ›j TýÄ);
- timezone for XCCDF TestResult start and end time (thank you, Jan
Černý);
- new yamlfilecontent independent probe (draft implementation), see the
proposal https://github.com/OVAL-Community/OVAL/issues/91 for
additional information.
There are other changes as well, here is the list:
- Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF;
- Added ability to generate `machineconfig` fix;
- Detect ambiguous scan target (utils/oscap-podman);
- Fixed #170: The rpmverifyfile probe can't verify files from '/bin'
directory;
- The data system_info probe return for offline and online modes is
consistent and actual;
- Prevent crashes when complicated regexes are executed in
textfilecontent58 probe;
- Fixed #1512: Severity refinement lost in generated guide;
- Fixed #1453: Pointer lost in Swig API;
- Evaluation Characteristics of the XCCDF report are now consistent with
OVAL entities; from system_info probe;
- Fixed filepath pattern matching in offline mode in textfilecontent58
probe;
- Fixed infinite recursion in systemdunitdependency probe;
- Fixed the case when CMake couldn't find libacl or xattr.h.
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3950=1
Package List:
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
libopenscap25-1.3.4-3.3.1
libopenscap25-debuginfo-1.3.4-3.3.1
openscap-1.3.4-3.3.1
openscap-content-1.3.4-3.3.1
openscap-debuginfo-1.3.4-3.3.1
openscap-debugsource-1.3.4-3.3.1
openscap-devel-1.3.4-3.3.1
openscap-utils-1.3.4-3.3.1
openscap-utils-debuginfo-1.3.4-3.3.1
References:
https://bugzilla.suse.com/1154380
https://bugzilla.suse.com/1155258
https://bugzilla.suse.com/1178301
https://bugzilla.suse.com/1180456
More information about the sle-updates
mailing list