SUSE-RU-2021:3542-1: moderate: Recommended update for openscap
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Wed Oct 27 13:38:33 UTC 2021
SUSE Recommended Update: Recommended update for openscap
______________________________________________________________________________
Announcement ID: SUSE-RU-2021:3542-1
Rating: moderate
References: #1186735
Affected Products:
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for openscap fixes the following issues:
- Since upstream has moved to Python 3, switch the BuildRequires from
'python-devel' to 'python3-devel'.
- Add definitions for SUSE Linux Enterprise Server, SUSE Linux Enterprise
Desktop, openSUSE Tumbleweed, openSUSE Leap and Fedora to the CPE
dictionary. (bsc#1186735)
- Add updated definitions for openSUSE Tumbleweed, openSUSE Leap and Wind
River Linux using the Open Vulnerability and Assessment Language.
(bsc#1186735)
- openscap 1.3.5
- New features
- Made 'schematron-based' validation enabled by default for validate
command of 'oval' and 'xccdf' modules
- Added SCAP 1.3 source data stream Schematron
- Added XML Signature Validation
- Added '--enforce-signature' option for eval, guide, and fix modules
- Added <content> entity support (OVAL/yamlfilecontent)
- Allowed to clamp mtime to SOURCE_DATE_EPOCH
- Added severity and role attributes
- Added support for requires/conflicts elements of the Rule and Group
(XCCDF)
- Added Kubernetes remediation to HTML report
- Maintenance, bug fix
- Fixed CMake warnings
- Made 'gpfs', 'proc' and 'sysfs' filesystems non-local
- Fixed handling of '--arg=val'-styled common options
- Documented used environment variables
- Updated man page and help texts
- Added '--skip-validation' option synonym for '--skip-valid'
- Fixed behavior of StateType operator
- Fixed coverity warnings
- Ignoring namespace in XPath expressions
- Fixed how 'oval_probe_ext_eval' checks absence of the response from
the probe (obtrusive data warning)
- Described SWID tags detection
- Improved documentation about '--stig-viewer' option
- File probe behaviour fixed (symlink traversal now behaves as defined
by OVAL)
- Fixed multiple segfaults and broken test in '--stig-viewer' feature
- Added dpkg version comparison algorithm
- Fixed 'TestResult/benchmark/@href' attribute
- Fixed memory allocation
- Fixed field names for cases where key selection section is followed
by a set section (probes/yamfilecontent)
- Changing hard coded libperl path in favor of FindPerlLibs method
- Check local filesystems when using 'filepath' element
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3542=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3542=1
Package List:
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libopenscap25-1.3.5-3.6.1
libopenscap25-debuginfo-1.3.5-3.6.1
openscap-1.3.5-3.6.1
openscap-content-1.3.5-3.6.1
openscap-debuginfo-1.3.5-3.6.1
openscap-debugsource-1.3.5-3.6.1
openscap-devel-1.3.5-3.6.1
openscap-docker-1.3.5-3.6.1
openscap-utils-1.3.5-3.6.1
openscap-utils-debuginfo-1.3.5-3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
libopenscap25-1.3.5-3.6.1
libopenscap25-debuginfo-1.3.5-3.6.1
openscap-1.3.5-3.6.1
openscap-content-1.3.5-3.6.1
openscap-debuginfo-1.3.5-3.6.1
openscap-debugsource-1.3.5-3.6.1
openscap-devel-1.3.5-3.6.1
openscap-utils-1.3.5-3.6.1
openscap-utils-debuginfo-1.3.5-3.6.1
References:
https://bugzilla.suse.com/1186735
More information about the sle-updates
mailing list