Hi all.

I am curious if anyone has experience using the OVAL tests for CVEs provided by Red Hat (https://www.redhat.com/security/data/metrics/) for CentOS 7. I was able to get the tests working for the non modified packages provided by RHEL but not the packages modified by CentOS.

I believe this is because CentOS 7 no longer has minor versions (PACKAGE.VERSION.el7.*.rpm) whereas RHEL does (PACKAGE.VERSION.el7_1.*.rpm) so the CVE check thinks that the package is out of date. Any ideas?

Thanks