[plug] installed package vulnerability checker for Red Hat/Centos?
R P Herrold
herrold at owlriver.com
Thu Sep 21 14:26:13 MST 2006
On Thu, 21 Sep 2006, Jeremy C. Reed wrote:
> Does anyone know of a tool for checking if installed packages on a CentOS
> system have known vulnerabilities?
If you are current in updates, the default centos install all
have yum configs which apply all security related updates for
supported repositories automatically -- run yum; reboot if the
glibc, the kernel, libraries or other 'key' packages are
updated. All done. Running:
rpm -q --changelog packagename
usually mentions the CVE, etc numbers addressed, if you wish
to tick off that they are addressed.
There is NO substitute for having and reading a subscription to
the centos-announce mailing list, which carries all
notifications, in a convenient (to procmail) parsable form; a
subscription to the upstream's security announcement mailing
lists for your major release level is also a good idea.
Our worst case lags since project inception have been less
than 3 days after the upstream, as to security updates.
-- Russ Herrold
(also herrold at centos.org, who handles the
'security' role account for the project.)
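
The changelog check suggested in the reply above can be scripted. This is an added example, not part of the original message or of any CentOS tooling: the function names, the sample changelog, the package name and the CVE ids are constructed placeholders.

```shell
#!/bin/sh
# Added example: tick off CVE ids against RPM changelog text.
# Real use (package name and ids are yours to supply):
#   rpm -q --changelog packagename | cve_status CVE-YYYY-NNNN ...

# Constructed sample in `rpm -q --changelog` layout; the packager
# and CVE ids are placeholders, not real advisories.
sample_changelog() {
cat <<'EOF'
* Tue Sep 19 2006 Example Packager <packager@example.org> - 1.0-3
- fix buffer handling in parser (CVE-0000-0001)
- resolves: #000000

* Mon Aug 07 2006 Example Packager <packager@example.org> - 1.0-2
- backport fixes for CVE-0000-0002 and CVE-0000-0003

* Wed Mar 01 2006 Example Packager <packager@example.org> - 1.0-1
- initial build
EOF
}

# List each distinct CVE id mentioned in changelog text on stdin.
changelog_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Read changelog text on stdin; for every CVE id given as an argument
# print "<id> addressed" or "<id> not-mentioned". Returns 1 if any id
# is absent. -w stops CVE-0000-000 from matching inside CVE-0000-0001.
cve_status() {
    log=$(cat)
    missing=0
    for cve in "$@"; do
        if printf '%s\n' "$log" | grep -qwF -- "$cve"; then
            echo "$cve addressed"
        else
            echo "$cve not-mentioned"
            missing=1
        fi
    done
    return "$missing"
}

# Demo on the constructed sample (runs offline, no rpm needed).
sample_changelog | changelog_cves
sample_changelog | cve_status CVE-0000-0001 CVE-0000-0009 || true
```

A "not-mentioned" result only means the changelog does not name that id; it still has to be checked against the announcement list.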