openSUSE-RU-2021:3542-1: moderate: Recommended update for openscap
![](https://seccdn.libravatar.org/avatar/f819efe95eaea2a7db07c53222c03bb4.jpg?s=120&d=mm&r=g)
openSUSE Recommended Update: Recommended update for openscap ______________________________________________________________________________ Announcement ID: openSUSE-RU-2021:3542-1 Rating: moderate References: #1186735 Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openscap fixes the following issues: - Since upstream has moved to Python 3, switch the BuildRequires from 'python-devel' to 'python3-devel'. - Add definitions for SUSE Linux Enterprise Server, SUSE Linux Enterprise Desktop, openSUSE Tumbleweed, openSUSE Leap and Fedora to the CPE dictionary. (bsc#1186735) - Add updated definitions for openSUSE Tumbleweed, openSUSE Leap and Wind River Linux using the Open Vulnerability and Assessment Language. (bsc#1186735) - openscap 1.3.5 - New features - Made 'schematron-based' validation enabled by default for validate command of 'oval' and 'xccdf' modules - Added SCAP 1.3 source data stream Schematron - Added XML Signature Validation - Added '--enforce-signature' option for eval, guide, and fix modules - Added <content> entity support (OVAL/yamlfilecontent) - Allowed to clamp mtime to SOURCE_DATE_EPOCH - Added severity and role attributes - Added support for requires/conflicts elements of the Rule and Group (XCCDF) - Added Kubernetes remediation to HTML report - Maintenance, bug fix - Fixed CMake warnings - Made 'gpfs', 'proc' and 'sysfs' filesystems non-local - Fixed handling of '--arg=val'-styled common options - Documented used environment variables - Updated man page and help texts - Added '--skip-validation' option synonym for '--skip-valid' - Fixed behavior of StateType operator - Fixed coverity warnings - Ignoring namespace in XPath expressions - Fixed how 'oval_probe_ext_eval' checks absence of the response from the probe (obtrusive data warning) - Described SWID tags detection - Improved documentation about '--stig-viewer' option - File probe behaviour fixed (symlink traversal now behaves as defined by OVAL) - Fixed multiple segfaults and broken test in '--stig-viewer' feature - Added dpkg version comparison algorithm - Fixed 'TestResult/benchmark/@href' attribute - Fixed memory allocation - Fixed field names for cases where key selection section is followed by a set section (probes/yamfilecontent) - Changing hard coded libperl path in favor of FindPerlLibs method - Check local filesystems when using 'filepath' element Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-3542=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenscap25-1.3.5-3.6.1 libopenscap25-debuginfo-1.3.5-3.6.1 libopenscap_sce25-1.3.5-3.6.1 libopenscap_sce25-debuginfo-1.3.5-3.6.1 openscap-1.3.5-3.6.1 openscap-content-1.3.5-3.6.1 openscap-debuginfo-1.3.5-3.6.1 openscap-debugsource-1.3.5-3.6.1 openscap-devel-1.3.5-3.6.1 openscap-docker-1.3.5-3.6.1 openscap-utils-1.3.5-3.6.1 openscap-utils-debuginfo-1.3.5-3.6.1 References: https://bugzilla.suse.com/1186735
participants (1)
-
maintenance@opensuse.org