SUSE Recommended Update: Recommended update for openscap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4590-1 Rating: moderate References: #1197599 #1203408 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openscap fixes the following issues: Added openSUSE Leap 15.4 and 15.5 dictionary entries. (bsc#1203408 bsc#1197599) openscap was updated to 1.3.6 * New features - Select and exclude groups of rules on the command line - The boot-time remediation service for systemd's Offline Update mode - Memory limit control using OSCAP_PROBE_MEMORY_USAGE_RATIO environment variable - Allow disablement of SHA-1 and MD5 - Allow providing pre-downloaded components - Introduce OSBuild Blueprint fix type * Maintenance, bug fixes - Fix coverity issues - Patch the `segfault` in dpkginfo_fini() - Add an alternative source of hostname - Fail download on HTTP errors - Compile "environmentvariable_probe" on Windows - FreeBSD build and test fixes - Add offline mode for password probe - Initialize crypto API only once - Fix UBI 9 scan - oval/yamlfilecontent: Add 'null' values handling - Do not set Rpath - Do not split `XCCDF:requires` with multiple `idrefs` - Allow empty /proc in offline mode - oscap-remediate is shipped via /usr/bin. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4590=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4590=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenscap25-1.3.6-150400.11.3.1 libopenscap25-debuginfo-1.3.6-150400.11.3.1 libopenscap_sce25-1.3.6-150400.11.3.1 libopenscap_sce25-debuginfo-1.3.6-150400.11.3.1 openscap-1.3.6-150400.11.3.1 openscap-containers-1.3.6-150400.11.3.1 openscap-content-1.3.6-150400.11.3.1 openscap-debuginfo-1.3.6-150400.11.3.1 openscap-debugsource-1.3.6-150400.11.3.1 openscap-devel-1.3.6-150400.11.3.1 openscap-utils-1.3.6-150400.11.3.1 openscap-utils-debuginfo-1.3.6-150400.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenscap25-1.3.6-150400.11.3.1 libopenscap25-debuginfo-1.3.6-150400.11.3.1 openscap-1.3.6-150400.11.3.1 openscap-containers-1.3.6-150400.11.3.1 openscap-content-1.3.6-150400.11.3.1 openscap-debuginfo-1.3.6-150400.11.3.1 openscap-debugsource-1.3.6-150400.11.3.1 openscap-devel-1.3.6-150400.11.3.1 openscap-utils-1.3.6-150400.11.3.1 openscap-utils-debuginfo-1.3.6-150400.11.3.1 References: https://bugzilla.suse.com/1197599 https://bugzilla.suse.com/1203408