- Red Hat Enterprise Linux
What is OVAL and how can I use it to learn about security issues?
The Open Vulnerability and Assessment Language (OVAL) is an international information-security effort that promotes open and publicly available security content. The goal of OVAL is to standardize the way security advisories are communicated across the entire spectrum of security tools and services.
OVAL is a project of the MITRE Corporation, which is well known for providing CVE (Common Vulnerabilities and Exposures) listings.
Red Hat now provides OVAL patch definitions for Red Hat Enterprise Linux 3 and later versions. With OVAL-compatible tools, these definitions can be used to accurately test for the presence of vulnerabilities.
The OVAL definitions can be found here: http://www.redhat.com/oval .
A listing of third-party OVAL compatible tools can be found here: http://oval.mitre.org/compatible/compatible.html
NOTE: Red Hat does not provide support for these third-party tools. However, Red Hat's commitment to providing OVAL-compatible patch definitions means that users of these tools can now easily integrate them with their Red Hat Enterprise Linux environments.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.