Red Hat Product Errata RHBA-2018:0761 - Bug Fix Advisory

Issued:: 2018-04-10
Updated:: 2018-04-10

RHBA-2018:0761 - Bug Fix Advisory

Overview
Updated Packages

Synopsis

scap-security-guide bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for scap-security-guide is now available for Red Hat Enterprise Linux 7.

Description

The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

Users of scap-security-guide are advised to upgrade to these updated packages.

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux Server - TUS 7.7 x86_64
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

BZ - 1404429 - SCAP Security Guide's remediations conflict with Ansible playbooks
BZ - 1447760 - some http references in Guide obsoleted
BZ - 1449302 - STIG profile names are indented
BZ - 1457442 - Two benchmarks shipped are titled the same
BZ - 1464899 - url to disa srgs dead
BZ - 1465677 - rule_ensure_gpgcheck_repo_metadata should not remediate, until Red Hat supports it
BZ - 1465681 - rule_package_aide_installed is not enabled in profile_stig-rhel7-disa
BZ - 1465683 - rule_accounts_have_homedir_login_defs has reversed check
BZ - 1465691 - guides and roles duplicate in /usr/share/doc/scap-security-guide{,-doc} directories
BZ - 1472499 - Tracking: Support for Atomic Harden feature in SCAP Security Guide
BZ - 1478414 - hardening makes computer not accessible by ssh
BZ - 1487579 - Rebase SCAP Security Guide to latest upstream in RHEL 7.5
BZ - 1490792 - OpenScap Rule 'xccdf_org.ssgproject.content_rule_sshd_use_priv_separation' incorrectly fails the check if secure 'sandbox' option is used on a RHEL7 system.
BZ - 1505553 - All rules in DISA STIG profile needs to have STIG rule ID defined
BZ - 1520493 - open-scap reports an "error" when checking "Set Daemon Umask"
BZ - 1521081 - malformed title of DISA STIG profile in RHEL6 datastream
BZ - 1522956 - sshd_required flag mishandled in sshd rules OVALs
BZ - 1523809 - rule file_ownership_library_dirs checks all /usr/lib* paths
BZ - 1523827 - SSG does not reflect RhostsRSAAuthentication is deprecated in openssh-7.4+
BZ - 1524738 - some remediations fail because of missing functions

CVEs

(none)

References

https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux Workstation 7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux Desktop 7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
s390x
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
s390x
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
s390x
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for Power, big endian 7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
ppc64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
ppc64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
ppc64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux EUS Compute Node 7.7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux EUS Compute Node 7.6

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for Power, little endian 7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
ppc64le
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
ppc64le
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
ppc64le
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux Server - TUS 7.7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for ARM 64 7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
aarch64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for Power 9 7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
ppc64le
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
ppc64le
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
ppc64le
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
x86_64
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
scap-security-guide-0.1.36-7.el7.src.rpm	SHA-256: 6f83e99e24c81632591bb455e48020251b6aca1e3ae01f7ebdfb9ba3b7f9c10d
s390x
scap-security-guide-0.1.36-7.el7.noarch.rpm	SHA-256: ad47dcfa846937cb9dec3c411cbc14e2f0d8adafce4ee8ef751243659a44f17f
scap-security-guide-doc-0.1.36-7.el7.noarch.rpm	SHA-256: 676dfbb3fc2c517f4fe201f857fb79c9e50fc994b651a94c3f5f9c9753d62964

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.