Hello,

I ask here if CentOS has an XML OVAL repository. This is the reason for my question:

Actually I have an automatic system to check CVE vulnerability reports against RedHat OVAL resources, for example:

https://www.redhat.com/security/data/oval/com.redhat.rhsa-2011.xml

for 2011 CVEs and RHSA-related OVALs.

My problem is that while the mechanism works flawlessly regarding Scientific Linux, with CentOS I have false positive reports because the patch level numbers for some rpms are somewhat different from the ones written in the official RedHat OVALs.

I make an example to explain myself better:

Consider CVE-2011-0020, which corresponds to the RHSA-2011:0180-1 security advisory and regards a pango vulnerability.

RedHat calls the updated rpm which addresses the vulnerability pango-1.14.9-8.el5_6.2
CentOS calls it pango-1.14.9-8.el5.centos.2

So we have:

pango-1.14.9-8.el5_6.2 in the RedHat OVALs

while CentOS has

pango-1.14.9-8.el5.centos.2

and I think they both address the CVE-2011-0020 vulnerability, but since the naming is different I have a report that my pango RPM on CentOS is vulnerable, while on SL with the same rpm I have no false positives and everything is OK.

So I ask if CentOS has its own OVAL XML files, because I cannot use the RedHat OVALs with CentOS in a reliable way for my purposes.

Thank you very much,

Rick

On 4/28/11 4:17 PM, Johnny Hughes wrote:
> On 04/28/2011 07:47 AM, Riccardo Veraldi wrote:
>> Hello,
>> I have seen that package libvirt-0.8.2-15.el5_6.3 on CentOS 5.6, which
>> addresses the CVE-2011-1146
>> <https://www.redhat.com/security/data/cve/CVE-2011-1146.html>
>> vulnerability, is not yet available, while for example it is on
>> Scientific Linux.
>> Is there any particular reason why the above rpm update is still not
>> available on mirrors?
>
> This was pushed, it just had a .el5 instead of .el5_6 dist tag, so it
> looks older than the other update. Corrected and repushed.
>
> Thanks,
> Johnny Hughes

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
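The false positive described in this thread follows from how RPM orders release strings. The sketch below is an added example, not code from the thread or from either project: it is a simplified version of RPM's segment-wise comparison (tilde and caret rules omitted), applied to the pango and libvirt release strings quoted above. Epoch 0 and the tuple layout are assumptions made for the illustration.

```python
import re

# Simplified rpmvercmp: alphanumeric segments only; tilde/caret rules omitted.
_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Return 1 if a is newer than b, -1 if older, 0 if equal."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment always beats an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples; epoch wins, then version, then release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def flagged_vulnerable(installed, fixed):
    """OVAL-style 'less than' test: installed EVR is older than the fixed EVR."""
    return evr_cmp(installed, fixed) < 0

# Constructed sample data; epoch 0 is an assumption, names are from the thread.
FIXED_PANGO = (0, "1.14.9", "8.el5_6.2")         # EVR in the Red Hat OVAL
CENTOS_PANGO = (0, "1.14.9", "8.el5.centos.2")   # CentOS rebuild
SAME_AS_RH = (0, "1.14.9", "8.el5_6.2")          # release identical to the advisory

if __name__ == "__main__":
    print("CentOS pango flagged:", flagged_vulnerable(CENTOS_PANGO, FIXED_PANGO))
    print("identical release flagged:", flagged_vulnerable(SAME_AS_RH, FIXED_PANGO))
    # The libvirt case from the quoted reply: .el5 sorts older than .el5_6.3
    print("15.el5 vs 15.el5_6.3:", rpmvercmp("15.el5", "15.el5_6.3"))
```

The deciding segment is the fourth one: `centos` is alphabetic and `6` is numeric, so the CentOS release sorts below the release named in the OVAL definition even though both packages carry the same fix.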