Red Hat Product Errata RHBA-2018:1410 - Bug Fix Advisory

Issued:: 2018-05-14
Updated:: 2018-05-14

RHBA-2018:1410 - Bug Fix Advisory

Overview
Updated Packages

Synopsis

scap-security-guide bug fix update

Type/Severity

Bug Fix Advisory

Topic

Updated scap-security-guide packages that fix several bugs are now available for Red Hat Enterprise Linux 7.

Description

The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines.

This update fixes the following bugs:

Prior to this update, the remediation parts for certain rules in the PCI-DSS, DISA STIG, and USGCB SCAP Security Guide (SSG) profiles were missing or incorrect. Consequently, the rules failed to remediate the system. With this update, the remediation parts for these rules have been added or fixed, and the mentioned SSG profiles are now able to remediate the system. (BZ#1571312)
Previously, the Open Vulnerability and Assessment Language (OVAL) check for the aide_scan_notification rule allow Advanced Intrusion Detection Environment (AIDE) notification e-mails to be sent only to root@*. As a consequence, scanning with the rule returned fail if the notification e-mail recipient was not root. The OVAL check has been fixed to allow also other e-mail addresses than root, and aide_scan_notification now works properly for all email addresses. (BZ#1571315)
Due to a bug in remediation for the kernel_module_loading rule, the rule did not fix the system properly and subsequent scans of a remediated system failed. With this update, the remediation has been fixed to add audit rules for both 32- and 64-bit architectures when remediating a 64-bit system. As a result, remediated systems can now pass scans with kernel_module_loading. (BZ#1571319)

Users of scap-security-guide are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

BZ - 1571312 - Some rules in PCI-DSS, DISA STIG and USGCB Profile fail to remediate [rhel-7.5.z]
BZ - 1571315 - Rule xccdf_org.ssgproject.content_rule_aide_scan_notification fails when email ID other than root@. is given [rhel-7.5.z]
BZ - 1571319 - Rule audit_rules_kernel_module_loading does not remediate properly [rhel-7.5.z]

CVEs

(none)

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux Server - Extended Update Support 7.6

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux Server - Extended Update Support 7.5

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux Workstation 7

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux Desktop 7

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
s390x
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
s390x
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
s390x
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for Power, big endian 7

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
ppc64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
ppc64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
ppc64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux EUS Compute Node 7.6

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux EUS Compute Node 7.5

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for Power, little endian 7

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
ppc64le
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
ppc64le
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
ppc64le
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for ARM 64 7

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
aarch64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for Power 9 7

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
ppc64le
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
ppc64le
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
x86_64
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
scap-security-guide-0.1.36-9.el7_5.src.rpm	SHA-256: 3d7ef1493ad4add4f1a3d2ff6a533c2d387973fffe77472d0a73561b4a82e290
s390x
scap-security-guide-0.1.36-9.el7_5.noarch.rpm	SHA-256: d5a7cc3bcdfb2e47acc4f0c7935ab4d7011075e13b6b19761d7b552d10a197f1
scap-security-guide-doc-0.1.36-9.el7_5.noarch.rpm	SHA-256: 1f6decd904170a5cf56067496510d3d0529f51ff63feb9ec0370c1e233c1415d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.