Consolidated OVAL definitions (OL7 & All) out of date?

Ric F Member Posts: 3 Green Ribbon

The consolidated OVAL definitions contained here look to be out of date:

https://linux.oracle.com/security/oval/

I have not looked at the other files there so some of them may be impacted as well.

My understanding is that these consolidated definitions should be up to date with the information contained in the individual OVAL files here, or at worst lagging by a few days:

https://linux.oracle.com/oval/


Am I mistaken on this? Should I be looking elsewhere for the definitions to feed into SCAP?

I'm not aware of any tool designed to mirror the individual files, so I can't see that as being the intended way to consume this data.

Regards,

Eric

Answers

  • Ric F Member Posts: 3 Green Ribbon

    Further research has shown that the current OVAL definitions are indeed in the consolidated file; however, the date stamp is incorrect in the XML.

    For example, as of this writing, the following is in the ol7 consolidated definition:

    <generator>
      <oval:product_name>Oracle Errata System</oval:product_name>
      <oval:product_version>Oracle Linux</oval:product_version>
      <oval:schema_version>5.11</oval:schema_version>
      <oval:timestamp>2022-08-04T09:50:25</oval:timestamp>
    </generator>


    However, the highest issued date of a definition contained in that file is:

    <issued date="2022-08-25"/>


    It is probably a bug that can be ignored, other than the generated results from scap having the wrong date for the definitions.

    This annoys my security team when I try to convince them that my systems are indeed patched up to date.

  • Ric F Member Posts: 3 Green Ribbon
    Answer ✓

    TLDR: Consolidated definitions are up to date, but contain the wrong date stamp in the XML.
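
The comparison described in this thread (the `<generator>` timestamp against the newest `<issued date>` in the same file), as an added example that is not part of the original posts. The sample XML is constructed to mirror the quoted snippets, and the function name `oval_freshness` is hypothetical.

```python
# Added example: report whether an OVAL file's generator timestamp is older
# than the newest <issued date="..."/> it contains. Elements are matched by
# local name, so namespace prefixes do not matter.
import io
import sys
import xml.etree.ElementTree as ET
from datetime import date, datetime

# Constructed sample shaped like the snippets quoted in the thread.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">
  <generator>
    <oval:product_name>Oracle Errata System</oval:product_name>
    <oval:schema_version>5.11</oval:schema_version>
    <oval:timestamp>2022-08-04T09:50:25</oval:timestamp>
  </generator>
  <definitions>
    <definition id="oval:example:def:1" version="1" class="patch">
      <metadata><advisory><issued date="2022-07-19"/></advisory></metadata>
    </definition>
    <definition id="oval:example:def:2" version="1" class="patch">
      <metadata><advisory><issued date="2022-08-25"/></advisory></metadata>
    </definition>
  </definitions>
</oval_definitions>"""


def oval_freshness(source):
    """Return (generator_date, newest_issued_date, header_is_stale)."""
    generated = newest = None
    # iterparse streams the file; consolidated definitions can be large.
    for _, elem in ET.iterparse(source, events=("end",)):
        name = elem.tag.rsplit("}", 1)[-1]  # strip "{namespace}"
        if name == "timestamp" and generated is None and elem.text:
            generated = datetime.fromisoformat(elem.text.strip()).date()
        elif name == "issued" and elem.get("date"):
            issued = date.fromisoformat(elem.get("date"))
            newest = issued if newest is None else max(newest, issued)
        elif name == "definition":
            elem.clear()  # free memory once a definition is fully read
    stale = generated is not None and newest is not None and newest > generated
    return generated, newest, stale


if __name__ == "__main__":
    # Pass a path to a downloaded, decompressed OVAL file, or run on the sample.
    src = sys.argv[1] if len(sys.argv) > 1 else io.BytesIO(SAMPLE.encode())
    gen, newest, stale = oval_freshness(src)
    print(f"generator={gen} newest_issued={newest} stale_header={stale}")
```

Recording the newest issued date alongside scan results gives a reviewer a content-based freshness marker that does not depend on the generator header.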