Machine-Readable Security Data (Errata, OVAL, CSAF)
TuxCare provides machine-readable security data for ELS for Runtimes in the following formats:
- Errata — qualified security and selected bug-fix errata advisories
- OVAL — Open Vulnerability and Assessment Language patch definitions for use with OpenSCAP and similar tools
- CSAF — Common Security Advisory Framework advisories in OASIS CSAF 2.0 format (VEX and Security Advisory)
- RSS — release feeds for tracking updates
Released fixes are also available via cve.tuxcare.com and security.tuxcare.com.
PHP
| OS | Errata | OVAL | CSAF | RSS |
|---|---|---|---|---|
| EL 7 | errata | oval.xml | csaf | rss |
| EL 8 | errata | oval.xml | csaf | rss |
| EL 9 | errata | oval.xml | csaf | rss |
| EL 10 | errata | oval.xml | csaf | rss |
| Ubuntu 16.04 | errata | oval.xml | csaf | rss |
| Ubuntu 18.04 | errata | oval.xml | csaf | rss |
| Ubuntu 20.04 | errata | oval.xml | csaf | rss |
| Ubuntu 22.04 | errata | oval.xml | csaf | rss |
| Ubuntu 24.04 | errata | oval.xml | csaf | rss |
| Debian 10 | errata | oval.xml | csaf | rss |
| Debian 11 | errata | oval.xml | csaf | rss |
| Debian 12 | errata | oval.xml | csaf | rss |
| Debian 13 | errata | oval.xml | csaf | rss |
Python
| OS | Errata | OVAL | CSAF | RSS |
|---|---|---|---|---|
| EL 7 | errata | oval.xml | csaf | rss |
| EL 8 | errata | oval.xml | csaf | rss |
| EL 9 | errata | oval.xml | csaf | rss |
| EL 10 | errata | oval.xml | csaf | rss |
| Ubuntu 16.04 | errata | oval.xml | csaf | rss |
| Ubuntu 18.04 | errata | oval.xml | csaf | rss |
| Ubuntu 20.04 | errata | oval.xml | csaf | rss |
| Ubuntu 22.04 | errata | oval.xml | csaf | rss |
| Ubuntu 24.04 | errata | oval.xml | csaf | rss |
| Debian 10 | errata | oval.xml | csaf | rss |
| Debian 11 | errata | oval.xml | csaf | rss |
| Debian 12 | errata | oval.xml | csaf | rss |
| Debian 13 | errata | oval.xml | csaf | rss |
Node.js
| OS | CSAF | RSS |
|---|---|---|
| EL 7 | csaf | rss |
| EL 8 | csaf | rss |
| EL 9 | csaf | rss |
| Ubuntu 18.04 | csaf | rss |
| Ubuntu 20.04 | csaf | rss |
| Ubuntu 22.04 | csaf | rss |
| Ubuntu 24.04 | csaf | rss |
| Debian 10 | csaf | rss |
| Debian 11 | csaf | rss |
| Debian 12 | csaf | rss |
| Debian 13 | csaf | rss |
Ruby
| OS | CSAF | RSS |
|---|---|---|
| Debian 12 | csaf | rss |
| Debian 13 | csaf | rss |
How to use OVAL
OVAL can be used with the OpenSCAP tool.
Install OpenSCAP
yum install openscap openscap-utils scap-security-guide -yDownload an OVAL stream. For example, Python on EL 8:
wget https://security.tuxcare.com/oval/els_alt_python/el8/oval.xmlRun a scan:
oscap oval eval --results result.xml --report report.xml oval.xml
How to use CSAF
Common Security Advisory Framework (CSAF) is a machine-readable format, standardized by OASIS. TuxCare publishes CSAF VEX and Security Advisory files in CSAF 2.0 format at security.tuxcare.com.
provider-metadata.json is available at:
The CSAF files are published in JSON format — OASIS provides a list of reference tools that support CSAF.
