
Machine-Readable Security Data (Errata, OVAL, CSAF)

TuxCare provides the following security updates for ELS for OS:

Released Fixes are available via cve.tuxcare.com and can additionally be found on security.tuxcare.com.

Errata advisories

TuxCare Endless Lifecycle Support provides qualified security and selected bug-fix errata advisories across all architectures. They can help users track which CVEs are resolved and which bugs have been addressed.

You can view the full list of released fixes on cve.tuxcare.com.

OVAL patch definitions

Leveraging the Open Vulnerability and Assessment Language (OVAL) patch definitions with OVAL-compatible tools, e.g. OpenSCAP, users can accurately check their systems for the presence of vulnerabilities.

Identifying the vulnerabilities that apply to your systems is an important task for IT and InfoSec teams, and at TuxCare we make it easy. We provide OVAL data that tells the vulnerability scanner how to determine which vulnerabilities are addressed by the ELS updates. This section contains information about available TuxCare ELS OVAL streams.

TuxCare ELS OVAL Streams

How to use OpenSCAP with TuxCare ELS

OpenSCAP is an open source vulnerability scanner and compliance tool that can be used to scan a system protected by TuxCare ELS. The following steps show how to produce a vulnerability report for the system:

  1. Install the ELS release package and OpenSCAP:

    yum install els-define openscap openscap-utils scap-security-guide -y
  2. Before running a scan, make sure the system is up to date and running the latest kernel:

    yum update -y
  3. Reboot the system.

  4. RPM-based system only: after reboot, remove older kernel versions:

    package-cleanup --oldkernels --count=1 -y
  5. Download the OVAL stream for your OS. For example, for Ubuntu 18.04:

    wget https://security.tuxcare.com/oval/els_os/ubuntu18.04els/oval.xml
    
  6. Run the scan:

    oscap oval eval --results results.xml --report report.html oval.xml
    
  7. Examine the scan results report.

    Following the example above, the scan results report is saved to the report.html file in the current directory. This file can then be downloaded for analysis or published directly with a local web server, for example:

    python3 -m http.server 8000
    

    or, for Python 2:

    python -m SimpleHTTPServer 8000
    

    Assuming the above command is run from the directory containing the report.html file, the report can then be accessed at http://<server-ip-address>:8000/report.html through a web browser.

    Note: the OpenSCAP report below is provided as an example. The results will vary depending on the OS and version you are scanning.

    The report includes a table with vulnerabilities and their status on the examined system. A line like the one below reports that the system is vulnerable to CVE-2023-2828:

    update oval:com.tuxcare.clsa:def:1688677755 true patch [CLSA-2023:1688677755], [CVE-2023-2828] Fix CVE(s): CVE-2023-2828
    

    The table also includes corresponding hyperlinks to advisory pages where the package and the version containing the fix can be found as well as the command to run on the target system in order to install the update.

    Lines like the one below designate that the fix for the corresponding CVE is already installed on the system, and no further action is needed:

    oval:com.tuxcare.clsa:def:1694538670 false patch [CLSA-2023:1694538670], [CVE-2022-40433] Fix CVE(s): CVE-2022-40433
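
For automated triage, the same true/false verdicts can be read from results.xml instead of the HTML report. The following is an added example, not TuxCare's or OpenSCAP's own code; the function name pending_fixes, the trimmed sample document, and the assumption that CVE references carry source="CVE" are illustrative.

```python
import xml.etree.ElementTree as ET

NS = {
    "res": "http://oval.mitre.org/XMLSchema/oval-results-5",
    "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
}

# Constructed, heavily trimmed sample of an `oscap oval eval --results` file,
# reusing the two definition IDs quoted in the report lines above.
SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
  <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <definitions>
      <definition id="oval:com.tuxcare.clsa:def:1688677755" class="patch" version="1">
        <metadata><title>Fix CVE(s): CVE-2023-2828</title><reference source="CVE" ref_id="CVE-2023-2828"/></metadata>
      </definition>
      <definition id="oval:com.tuxcare.clsa:def:1694538670" class="patch" version="1">
        <metadata><title>Fix CVE(s): CVE-2022-40433</title><reference source="CVE" ref_id="CVE-2022-40433"/></metadata>
      </definition>
    </definitions>
  </oval_definitions>
  <results><system><definitions>
    <definition definition_id="oval:com.tuxcare.clsa:def:1688677755" result="true" version="1"/>
    <definition definition_id="oval:com.tuxcare.clsa:def:1694538670" result="false" version="1"/>
  </definitions></system></results>
</oval_results>"""

def pending_fixes(root):
    """Return [(definition_id, title, [CVE ids])] for patch definitions that evaluated true."""
    meta = {}
    for d in root.iterfind(".//def:definitions/def:definition", NS):
        # Assumption: CVE identifiers are carried as <reference source="CVE" ref_id="..."/>.
        cves = [r.get("ref_id") for r in d.iterfind("def:metadata/def:reference", NS)
                if r.get("source") == "CVE"]
        meta[d.get("id")] = (d.get("class"), d.findtext("def:metadata/def:title", "", NS), cves)
    out = []
    for r in root.iterfind("res:results/res:system/res:definitions/res:definition", NS):
        cls, title, cves = meta.get(r.get("definition_id"), (None, "", []))
        # For class="patch", result "true" means the fix is still missing on the host.
        if r.get("result") == "true" and cls == "patch":
            out.append((r.get("definition_id"), title, cves))
    return out

if __name__ == "__main__":
    import sys
    # Pass the path to a real results.xml, or run without arguments to use SAMPLE.
    root = ET.parse(sys.argv[1]).getroot() if len(sys.argv) > 1 else ET.fromstring(SAMPLE)
    for def_id, title, cves in pending_fixes(root):
        print(def_id, ",".join(cves), title)
```

Results other than "true" (false, error, unknown, not evaluated, not applicable) are skipped here; a scanner integration should surface error and unknown separately rather than treat them as patched.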
    

How to integrate the OVAL data with a new vulnerability scanner

Identifying the vulnerabilities that apply to your systems is an important task for IT and InfoSec teams, and at TuxCare we make it easy.

To detect whether a system has TuxCare ELS installed, check for the following file being present: /etc/els-release.

Once that is validated, you can use the OVAL files from above that correspond to the operating system to scan for vulnerabilities.

Common Security Advisory Framework

Common Security Advisory Framework (CSAF) is a machine-readable format, standardized by OASIS. It's designed to enable consistent and automated sharing of security advisory information.

TuxCare publishes the following CSAF files at security.tuxcare.com:

  • CSAF Vulnerability Exploitability eXchange (VEX) files – VEX documents are indexed by CVE and are available in CSAF 2.0 format, including past CVEs.
  • CSAF Security Advisory files – advisories are published in CSAF 2.0 format and indexed by Security Advisory.

provider-metadata.json contains information for tools and users about where and how to retrieve CSAF advisories published by TuxCare. By OASIS requirements, it is available at two URLs (both serving the same file):

TuxCare CSAF data

Currently, we provide CSAF data for the following OS versions:

TuxCare ELS RSS releases feeds
