Recommended update for openscap
| Announcement ID: | SUSE-RU-2021:3542-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Affected Products: |
|
An update that has one fix can now be installed.
Description:
This update for openscap fixes the following issues:
- Since upstream has moved to Python 3, switch the BuildRequires from 'python-devel' to 'python3-devel'.
- Add definitions for SUSE Linux Enterprise Server, SUSE Linux Enterprise Desktop, openSUSE Tumbleweed, openSUSE Leap and Fedora to the CPE dictionary. (bsc#1186735)
-
Add updated definitions for openSUSE Tumbleweed, openSUSE Leap and Wind River Linux using the Open Vulnerability and Assessment Language. (bsc#1186735)
-
openscap 1.3.5
- New features
- Made 'schematron-based' validation enabled by default for validate command of 'oval' and 'xccdf' modules
- Added SCAP 1.3 source data stream Schematron
- Added XML Signature Validation
- Added '--enforce-signature' option for eval, guide, and fix modules
- Added <content> entity support (OVAL/yamlfilecontent)
- Allowed to clamp mtime to SOURCE_DATE_EPOCH
- Added severity and role attributes
- Added support for requires/conflicts elements of the Rule and Group (XCCDF)
- Added Kubernetes remediation to HTML report
- Maintenance, bug fix
- Fixed CMake warnings
- Made 'gpfs', 'proc' and 'sysfs' filesystems non-local
- Fixed handling of '--arg=val'-styled common options
- Documented used environment variables
- Updated man page and help texts
- Added '--skip-validation' option synonym for '--skip-valid'
- Fixed behavior of StateType operator
- Fixed coverity warnings
- Ignoring namespace in XPath expressions
- Fixed how 'oval_probe_ext_eval' checks absence of the response from the probe (obtrusive data warning)
- Described SWID tags detection
- Improved documentation about '--stig-viewer' option
- File probe behaviour fixed (symlink traversal now behaves as defined by OVAL)
- Fixed multiple segfaults and broken test in '--stig-viewer' feature
- Added dpkg version comparison algorithm
- Fixed 'TestResult/benchmark/@href' attribute
- Fixed memory allocation
- Fixed field names for cases where key selection section is followed by a set section (probes/yamfilecontent)
- Changing hard coded libperl path in favor of FindPerlLibs method
- Check local filesystems when using 'filepath' element
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Basesystem Module 15-SP2
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3542=1 -
Basesystem Module 15-SP3
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3542=1
Package List:
-
Basesystem Module 15-SP2 (aarch64 ppc64le s390x x86_64)
- openscap-debuginfo-1.3.5-3.6.1
- openscap-content-1.3.5-3.6.1
- openscap-1.3.5-3.6.1
- openscap-utils-1.3.5-3.6.1
- libopenscap25-1.3.5-3.6.1
- openscap-debugsource-1.3.5-3.6.1
- libopenscap25-debuginfo-1.3.5-3.6.1
- openscap-devel-1.3.5-3.6.1
- openscap-utils-debuginfo-1.3.5-3.6.1
-
Basesystem Module 15-SP3 (aarch64 ppc64le s390x x86_64)
- openscap-debuginfo-1.3.5-3.6.1
- openscap-docker-1.3.5-3.6.1
- openscap-content-1.3.5-3.6.1
- openscap-1.3.5-3.6.1
- openscap-utils-1.3.5-3.6.1
- libopenscap25-1.3.5-3.6.1
- openscap-debugsource-1.3.5-3.6.1
- libopenscap25-debuginfo-1.3.5-3.6.1
- openscap-devel-1.3.5-3.6.1
- openscap-utils-debuginfo-1.3.5-3.6.1