RHBA-2021:4098 - Bug Fix Advisory

Topic

An update for scap-security-guide is now available for Red Hat Enterprise
Linux 8.

Description

The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is
specified in the Security Content Automation Protocol (SCAP) format and
constitutes a catalog of practical hardening advice, linked to government
requirements where applicable. The project bridges the gap between
generalized policy requirements and specific implementation guidelines.

Bug Fix(es) and Enhancement(s):

• Update RHEL 8 STIG profile to V1R3 (BZ#1997634)
• CIS compliance profile does not represent structure of the policy

(BZ#2005427)

• Add ANSSI-BP-028 High level profile (BZ#2005429)
• Add STIG variant for GUI installations (BZ#2005431)
• [RFE] Add support for ACSC ISM 'Official' profile (BZ#2005891)
• Rule package_rear_installed should not be applicable on s390x

(BZ#2013553)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
• Red Hat Enterprise Linux Server - AUS 8.6 x86_64
• Red Hat Enterprise Linux Server - AUS 8.4 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
• Red Hat Enterprise Linux Server - TUS 8.8 x86_64
• Red Hat Enterprise Linux Server - TUS 8.6 x86_64
• Red Hat Enterprise Linux Server - TUS 8.4 x86_64
• Red Hat Enterprise Linux for ARM 64 8 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

• BZ - 1997634 - Update RHEL 8 STIG profile to V1R3 [rhel-8.4.0.z]
• BZ - 2005427 - CIS compliance profile does not represent structure of the policy [rhel-8.4.0.z]
• BZ - 2005429 - Add ANSSI-BP-028 High level profile [rhel-8.4.0.z]
• BZ - 2005431 - Add STIG variant for GUI installations [rhel-8.4.0.z]
• BZ - 2013553 - Rule package_rear_installed should not be applicable on s390x [rhel-8.4.0.z]

CVEs

(none)

References

• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index