- Issued:
- 2018-05-14
- Updated:
- 2018-05-14
RHBA-2018:1410 - scap-security-guide bug fix update
Synopsis
scap-security-guide bug fix update
Type/Severity
Bug Fix Advisory None
Topic
Updated scap-security-guide packages that fix several bugs are now available for Red Hat Enterprise Linux 7.
Description
The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines.
This update fixes the following bugs:
-
Prior to this update, the remediation parts for certain rules in the PCI-DSS, DISA STIG, and USGCB SCAP Security Guide (SSG) profiles were missing or incorrect. Consequently, the rules failed to remediate the system. With this update, the remediation parts for these rules have been added or fixed, and the mentioned SSG profiles are now able to remediate the system. (BZ#1571312)
-
Previously, the Open Vulnerability and Assessment Language (OVAL) check for the aide_scan_notification rule allow Advanced Intrusion Detection Environment (AIDE) notification e-mails to be sent only to root@*. As a consequence, scanning with the rule returned fail if the notification e-mail recipient was not root. The OVAL check has been fixed to allow also other e-mail addresses than root, and aide_scan_notification now works properly for all email addresses. (BZ#1571315)
-
Due to a bug in remediation for the kernel_module_loading rule, the rule did not fix the system properly and subsequent scans of a remediated system failed. With this update, the remediation has been fixed to add audit rules for both 32- and 64-bit architectures when remediating a 64-bit system. As a result, remediated systems can now pass scans with kernel_module_loading. (BZ#1571319)
Users of scap-security-guide are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 7.7 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 7.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 7.7 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 7.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 7.5 | x86_64 |
| Red Hat Enterprise Linux for Scientific Computing | 7 | x86_64 |
| Red Hat Enterprise Linux for Power, little endian | 7 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 7.7 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 7.6 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 7.5 | ppc64le |
| Red Hat Enterprise Linux for Power, big endian | 7 | ppc64 |
| Red Hat Enterprise Linux for Power, big endian - Extended Update Support | 7.7 | ppc64 |
| Red Hat Enterprise Linux for Power, big endian - Extended Update Support | 7.6 | ppc64 |
| Red Hat Enterprise Linux for Power, big endian - Extended Update Support | 7.5 | ppc64 |
| Red Hat Enterprise Linux for Power 9 | 7 | ppc64le |
| Red Hat Enterprise Linux for IBM z Systems | 7 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 7.7 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 7.6 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 7.5 | s390x |
| Red Hat Enterprise Linux for IBM System z (Structure A) | 7 | s390x |
| Red Hat Enterprise Linux for ARM 64 | 7 | aarch64 |
| Red Hat Enterprise Linux Workstation | 7 | x86_64 |
| Red Hat Enterprise Linux Server | 7 | x86_64 |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 7.7 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 7.6 | ppc64le |
| Red Hat Enterprise Linux Server - TUS | 7.7 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 7.6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 7 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian | 7 | ppc64le |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian | 7 | ppc64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 7 | s390x |
| Red Hat Enterprise Linux Server - AUS | 7.7 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 7.6 | x86_64 |
| Red Hat Enterprise Linux EUS Compute Node | 7.7 | x86_64 |
| Red Hat Enterprise Linux EUS Compute Node | 7.6 | x86_64 |
| Red Hat Enterprise Linux EUS Compute Node | 7.5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 7 | x86_64 |
Updated Packages
- scap-security-guide-0.1.36-9.el7_5.noarch.rpm
- scap-security-guide-0.1.36-9.el7_5.src.rpm
- scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm
Fixes
- This content is not included.BZ - 1571312
- This content is not included.BZ - 1571315
- This content is not included.BZ - 1571319
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.