Red Hat Product Errata RHBA-2021:1383 - Bug Fix Advisory
Issued:
2021-04-27
Updated:
2021-04-27

RHBA-2021:1383 - Bug Fix Advisory

Synopsis

scap-security-guide bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for scap-security-guide is now available for Red Hat Enterprise
Linux 7.

Description

The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is
specified in the Security Content Automation Protocol (SCAP) format and
constitutes a catalog of practical hardening advice, linked to government
requirements where applicable. The project bridges the gap between
generalized policy requirements and specific implementation guidelines.

Bug Fix(es) and Enhancement(s):

  • [RFE] Add ANSSI-BP-028 to SSG (Minimal, Intermediary and Enhanced Levels) (BZ#1497415)
  • Remove deprecated follow argument from Ansible remediations (BZ#1890111)
  • Rules of type Service Disabled do not have clear description on which actions the user should take (BZ#1891435)
  • Latest RHEL7 STIG (V3R2) is not present in latest version of scap-security-guide. (BZ#1921643)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1497415 - [RFE] Add ANSSI-BP-028 to SSG (Minimal, Intermediary and Enhanced Levels) [rhel-7.9.z]
  • BZ - 1852364 - xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled fails when a symlink or regular file is labeled with "device_t" [rhel-7.9.z]
  • BZ - 1890111 - Remove deprecated follow argument from Ansible remediations [rhel-7.9.z]
  • BZ - 1891435 - Rules of type Service Disabled do not have clear description on which actions the user should take [rhel-7.9.z]
  • BZ - 1907897 - IBM Z (s390x) is not detected as a 64bit architecture [rhel-7.9.z]
  • BZ - 1914226 - False positive selinux content_rule_selinux_policytype [rhel-7.9.z]
  • BZ - 1921643 - Latest RHEL7 STIG (V3R2) is not present in latest version of scap-security-guide. [rhel-7.9.z]

CVEs

(none)

References

(none)

Red Hat Enterprise Linux Server 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
x86_64
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
x86_64
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

Red Hat Enterprise Linux Workstation 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
x86_64
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

Red Hat Enterprise Linux Desktop 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
x86_64
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
s390x
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

Red Hat Enterprise Linux for Power, big endian 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
ppc64
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
x86_64
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

Red Hat Enterprise Linux for Power, little endian 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
ppc64le
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
s390x
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
ppc64
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
scap-security-guide-0.1.54-3.el7_9.src.rpm SHA-256: d295407776b37290f831a57377fbc45e1ef3de443ce22686e1625b8484997b43
ppc64le
scap-security-guide-0.1.54-3.el7_9.noarch.rpm SHA-256: c57c2866ee75805f17cab3469ba69dcbace2b69e8ba60c6bfa58c03c15dd3d7b
scap-security-guide-doc-0.1.54-3.el7_9.noarch.rpm SHA-256: d8fe6f3b141d313c485b401165a1ed35800cdb050bcdc9e4fa935508b2ecb3a2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.