OVAL® is a XML description and reporting format used to assess and report the state of an operating system. More in depth information about OVAL can be found on the Mitre OVAL website.

SUSE is currently providing OVAL information for SUSE Linux Enterprise products that allows to assess and report on the RPM package versions affected by known security issues in a CVE to RPM name/version mapping.

The SUSE provided OVAL data includes:
  • The patch style OVAL data expresses all security updates on a patch level, these can include multiple CVEs per patch.
This data includes both released updates and updates currently in QA, with the latter being marked as such.
  • The vulnerability OVAL data expresses security vulnerabilities on a CVE level.

The data contains already released package versions for the CVE, and also the CVEs planned to be released and the CVEs that do not affect the respective packages.

The OVAL data is provided by SUSE under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0).

This information is currently published per major product line for all processor architectures in one XML file:

  • SUSE Linux Enterprise Server 15 (all Service Packs)
  • SUSE Linux Enterprise Server 15 Patches (all Service Packs)
  • SUSE Linux Enterprise Desktop 15 (all Service Packs)
  • SUSE Linux Enterprise Desktop 15 Patches (all Service Packs)
  • SUSE Linux Enterprise Server 12 (all Service Packs)
  • SUSE Linux Enterprise Server 12 Patches (all Service Packs)
  • SUSE Linux Enterprise Desktop 12 (all Service Packs)
  • SUSE Linux Enterprise Desktop 12 Patches (all Service Packs)
  • SUSE Linux Enterprise Server 11 (all Service Packs)
  • SUSE Linux Enterprise Server 11 Patches (all Service Packs)
  • SUSE Linux Enterprise Desktop 11 (all Service Packs)
  • SUSE Linux Enterprise Desktop 11 Patches (all Service Packs)
  • SUSE Linux Enterprise Server 10 (all Service Packs)
  • SUSE Linux Enterprise Desktop 10 (all Service Packs)
  • SUSE Linux Enterprise Server 9
  • SUSE OpenStack Cloud 8
  • SUSE OpenStack Cloud 7
  • SUSE OpenStack Cloud 6
  • SUSE OpenStack Cloud 6 Patches