Recommended update for openscap

Announcement ID: SUSE-RU-2022:4590-1
Rating: moderate
References:
Affected Products:
  • Basesystem Module 15-SP4
  • openSUSE Leap 15.4
  • SUSE Linux Enterprise Desktop 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3

An update that has two fixes can now be installed.

Description:

This update for openscap fixes the following issues:

Added openSUSE Leap 15.4 and 15.5 dictionary entries. (bsc#1203408 bsc#1197599)

openscap was updated to 1.3.6

  • New features

  • Select and exclude groups of rules on the command line

  • The boot-time remediation service for systemd's Offline Update mode
  • Memory limit control using OSCAP_PROBE_MEMORY_USAGE_RATIO environment variable
  • Allow disablement of SHA-1 and MD5
  • Allow providing pre-downloaded components

  • Introduce OSBuild Blueprint fix type

  • Maintenance, bug fixes

  • Fix coverity issues

  • Patch the segfault in dpkginfo_fini()
  • Add an alternative source of hostname
  • Fail download on HTTP errors
  • Compile "environmentvariable_probe" on Windows
  • FreeBSD build and test fixes
  • Add offline mode for password probe
  • Initialize crypto API only once
  • Fix UBI 9 scan
  • oval/yamlfilecontent: Add 'null' values handling
  • Do not set Rpath
  • Do not split XCCDF:requires with multiple idrefs
  • Allow empty /proc in offline mode
  • oscap-remediate is shipped via /usr/bin.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2022-4590=1
  • Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4590=1

Package List:

  • openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    • openscap-debuginfo-1.3.6-150400.11.3.1
    • openscap-devel-1.3.6-150400.11.3.1
    • openscap-1.3.6-150400.11.3.1
    • openscap-content-1.3.6-150400.11.3.1
    • libopenscap25-1.3.6-150400.11.3.1
    • openscap-containers-1.3.6-150400.11.3.1
    • openscap-utils-1.3.6-150400.11.3.1
    • openscap-utils-debuginfo-1.3.6-150400.11.3.1
    • libopenscap_sce25-debuginfo-1.3.6-150400.11.3.1
    • openscap-debugsource-1.3.6-150400.11.3.1
    • libopenscap_sce25-1.3.6-150400.11.3.1
    • libopenscap25-debuginfo-1.3.6-150400.11.3.1
  • Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    • openscap-debuginfo-1.3.6-150400.11.3.1
    • openscap-devel-1.3.6-150400.11.3.1
    • openscap-1.3.6-150400.11.3.1
    • openscap-content-1.3.6-150400.11.3.1
    • libopenscap25-1.3.6-150400.11.3.1
    • openscap-utils-debuginfo-1.3.6-150400.11.3.1
    • openscap-utils-1.3.6-150400.11.3.1
    • openscap-debugsource-1.3.6-150400.11.3.1
    • openscap-containers-1.3.6-150400.11.3.1
    • libopenscap25-debuginfo-1.3.6-150400.11.3.1

References: