Hi chaps
I am testing rocky Linux 9.3 as a potential candidate to replace our centos Infra. I have noticed that openscap reports false positives when scanning for vulnerabilities using the oval file downloaded from Index of /pub/oval/ .
For example the report shows that the system is impacted by RLSA-2022:7288: openssl security update and as per the Errata the issue was fixed in openssl version 3.0.7 and when i checked on the system the current installed version is 3.0.07-25 . But the openscap still reports the system is vulnerable
any pointers on how to proceed are greatly appreciated.