- Posted In
- Red Hat Enterprise Linux
RedHat publishes oval file and I am using it against my systems to scan for vulnerabilities. I have few questions here.
a) rpm-to-cve.xml This file contains many CVE's not matched in oval file. The purpose of the file seems to be given rpm what CVE it matches. What is the purpose of rpm-to-cve file?
b) What is the purpose of rhsamapcpe.txt file?
So far I thought OVAL is enough, why are these extra files RHEL publishes?