Mosley, Graham A. (GSFC-6062)[GSFC - HIGHER EDUCATION]
2015-Jul-13 17:40 UTC
[CentOS] Modifying RHEL OVAL CVE feed for use with CentOS 7
Hi all. I am curious if anyone has experience using the OVAL tests for CVEs provided by Red Hat (https://www.redhat.com/security/data/metrics/) for CentOS 7. I was able to get the tests working for the non modified packages provided by RHEL but not the packages modified by CentOS. I believe this is because CentOS 7 no longer has minor versions (PACKAGE.VERSION.el7.*.rpm) whereas RHEL does (PACKAGE.VERSION.el7_1.*.rpm) so the CVE check thinks that the package is out of date. Any ideas? Thanks