2222583 – Remote resource referenced from datastream is missing https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2

Bug 2222583 - Remote resource referenced from datastream is missing https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2

Summary: Remote resource referenced from datastream is missing https://access.redhat....

Keywords:
Status:	ON_QA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	scap-security-guide
Sub Component:
Version:	8.8
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Vojtech Polasek
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2228452 2228453 2222984
TreeView+	depends on / blocked

Reported:	2023-07-13 07:53 UTC by Welterlen Benoit
Modified:	2023-08-17 20:21 UTC (History)
CC List:	10 users (show)
Fixed In Version:	scap-security-guide-0.1.69-1.el8
Doc Type:	Bug Fix
Doc Text:	.Red Hat CVE feeds have been moved The version 1 of Red Hat CVE feeds at https://access.redhat.com/security/data/oval/ has been sunset and replaced by the version 2 of the CVE feeds located at https://access.redhat.com/security/data/oval/v2/. Consequently, the links in SCAP source data streams provided by the `scap-security-guide` package have been updated to link the new version of the Red Hat CVE feeds.
Clone Of:
Clones:	2222984 2228452 2228453 (view as bug list)
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-162238	0	None	None	None	2023-07-13 07:54:10 UTC
Red Hat Knowledge Base (Solution)	7024901	0	None	None	None	2023-07-18 03:01:55 UTC

Description Welterlen Benoit 2023-07-13 07:53:08 UTC

Description of problem:
When trying to scan with ssg-rhel8-ds profile, the remote resource is not available anymore on Red Hat web site:

~~~
oscap info /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml 2>&1 | grep 'WARNING: Skipping'
WARNING: Skipping 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2' file which is referenced from datastream
~~~

 wget https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2
--2023-07-12 00:02:10--  https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2
Resolving access.redhat.com (access.redhat.com)... 96.17.150.153, 96.17.150.168, 2600:140f:6::172c:a50, ...
Connecting to access.redhat.com (access.redhat.com)|96.17.150.153|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-07-12 00:02:11 ERROR 404: Not Found.

Only V2 version are available in https://access.redhat.com/security/data/oval

Why the old versions have been removed, even if they are not updated anymore, they are needed for previous packages.

Version-Release number of selected component (if applicable):
scap-security-guide-0.1.66-2.el8_7.noarch
RHEL8

How reproducible:
always

Steps to Reproduce:
1. yum install scap-security-guide.noarch
2. run oscap info /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
3.

Actual results:
Profile not updated

Expected results:
Remote ressource available on Red Hat web site

Additional info:

Comment 1 Vojtech Polasek 2023-07-17 13:54:18 UTC

Fixed upstream: https://github.com/ComplianceAsCode/content/pull/10842

Note You need to log in before you can comment on or make changes to this bug.