- Issued:
- 2020-09-15
- Updated:
- 2020-09-15
RHBA-2020:3743 - Bug Fix Advisory
Synopsis
scap-security-guide bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for scap-security-guide is now available for Red Hat Enterprise
Linux 8.1 Extended Update Support.
Description
The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is
specified in the Security Content Automation Protocol (SCAP) format and
constitutes a catalog of practical hardening advice, linked to government
requirements where applicable. The project bridges the gap between
generalized policy requirements and specific implementation guidelines.
Bug Fix(es) and Enhancement(s):
- Rule configure_openssl_crypto_policy checks for wrong file (cce@rhel8:
80938-4) (BZ#1860293)
- grub2_uefi_password doesn't actually work on UEFI for Common Criteria
(BZ#1860295)
- add rsa-sha2-256,rsa-sha2-512 to PubkeyAcceptedKeyTypes for OSPP
(BZ#1860297)
- Update scap-security-guide in RHEL-8.1 to include updates to OSPP Profile
for Common Criteria (BZ#1860299)
- Remove CCM mode from TLS settings (BZ#1860300)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 1860297 - add rsa-sha2-256,rsa-sha2-512 to PubkeyAcceptedKeyTypes for OSPP [rhel-8.1.0.z]
- BZ - 1860299 - Update scap-security-guide in RHEL-8.1 to include updates to OSPP Profile for Common Criteria [rhel-8.1.0.z]
- BZ - 1860300 - Remove CCM mode from TLS settings [rhel-8.1.0.z]
CVEs
(none)
References
(none)
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1
| SRPM | |
|---|---|
| scap-security-guide-0.1.47-8.el8_1.src.rpm | SHA-256: 37a37d133311ca896cecc2457f8666609015d7b1de773ce2ed41a546e8d9717d |
| x86_64 | |
| scap-security-guide-0.1.47-8.el8_1.noarch.rpm | SHA-256: e7a830b252f7ee155eee393c3e029381389833f2558e6e5ab7a4d76a290624b0 |
| scap-security-guide-doc-0.1.47-8.el8_1.noarch.rpm | SHA-256: c3eeab1242f9bf7139dfc81988e4d8cdf5baa55fa29182903a421a6a507c5c03 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1
| SRPM | |
|---|---|
| scap-security-guide-0.1.47-8.el8_1.src.rpm | SHA-256: 37a37d133311ca896cecc2457f8666609015d7b1de773ce2ed41a546e8d9717d |
| s390x | |
| scap-security-guide-0.1.47-8.el8_1.noarch.rpm | SHA-256: e7a830b252f7ee155eee393c3e029381389833f2558e6e5ab7a4d76a290624b0 |
| scap-security-guide-doc-0.1.47-8.el8_1.noarch.rpm | SHA-256: c3eeab1242f9bf7139dfc81988e4d8cdf5baa55fa29182903a421a6a507c5c03 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1
| SRPM | |
|---|---|
| scap-security-guide-0.1.47-8.el8_1.src.rpm | SHA-256: 37a37d133311ca896cecc2457f8666609015d7b1de773ce2ed41a546e8d9717d |
| ppc64le | |
| scap-security-guide-0.1.47-8.el8_1.noarch.rpm | SHA-256: e7a830b252f7ee155eee393c3e029381389833f2558e6e5ab7a4d76a290624b0 |
| scap-security-guide-doc-0.1.47-8.el8_1.noarch.rpm | SHA-256: c3eeab1242f9bf7139dfc81988e4d8cdf5baa55fa29182903a421a6a507c5c03 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1
| SRPM | |
|---|---|
| scap-security-guide-0.1.47-8.el8_1.src.rpm | SHA-256: 37a37d133311ca896cecc2457f8666609015d7b1de773ce2ed41a546e8d9717d |
| aarch64 | |
| scap-security-guide-0.1.47-8.el8_1.noarch.rpm | SHA-256: e7a830b252f7ee155eee393c3e029381389833f2558e6e5ab7a4d76a290624b0 |
| scap-security-guide-doc-0.1.47-8.el8_1.noarch.rpm | SHA-256: c3eeab1242f9bf7139dfc81988e4d8cdf5baa55fa29182903a421a6a507c5c03 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
| SRPM | |
|---|---|
| scap-security-guide-0.1.47-8.el8_1.src.rpm | SHA-256: 37a37d133311ca896cecc2457f8666609015d7b1de773ce2ed41a546e8d9717d |
| ppc64le | |
| scap-security-guide-0.1.47-8.el8_1.noarch.rpm | SHA-256: e7a830b252f7ee155eee393c3e029381389833f2558e6e5ab7a4d76a290624b0 |
| scap-security-guide-doc-0.1.47-8.el8_1.noarch.rpm | SHA-256: c3eeab1242f9bf7139dfc81988e4d8cdf5baa55fa29182903a421a6a507c5c03 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1
| SRPM | |
|---|---|
| scap-security-guide-0.1.47-8.el8_1.src.rpm | SHA-256: 37a37d133311ca896cecc2457f8666609015d7b1de773ce2ed41a546e8d9717d |
| x86_64 | |
| scap-security-guide-0.1.47-8.el8_1.noarch.rpm | SHA-256: e7a830b252f7ee155eee393c3e029381389833f2558e6e5ab7a4d76a290624b0 |
| scap-security-guide-doc-0.1.47-8.el8_1.noarch.rpm | SHA-256: c3eeab1242f9bf7139dfc81988e4d8cdf5baa55fa29182903a421a6a507c5c03 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.