[CentOS] Modifying RHEL OVAL CVE feed for use with CentOS 7

Mosley, Graham A. (GSFC-6062)[GSFC - HIGHER EDUCATION]

graham.mosley at nasa.gov
Mon Jul 13 17:40:07 UTC 2015


Hi all.

I am curious if anyone has experience using the OVAL tests for CVEs provided by Red Hat (https://www.redhat.com/security/data/metrics/) for CentOS 7.
I was able to get the tests working for the non modified packages provided by RHEL but not the packages modified by CentOS.

I believe this is because CentOS 7 no longer has minor versions (PACKAGE.VERSION.el7.*.rpm) whereas RHEL does (PACKAGE.VERSION.el7_1.*.rpm) so the CVE check thinks that the package is out of date.
Any ideas?

Thanks



More information about the CentOS mailing list