Does anyone know of a tool for checking if installed packages on a CentOS 
system have known vulnerabilities?

I know yum can be used to indicate if updates are available.

But I am looking for something like NetBSD Pkgsrc's audit-packages or 
FreeBSD's portaudit -- list name and version of installed package and an 
item and/or URL about the vulnerability. For example:

 Package xzgv-0.8.0.1nb1 has a remote-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1060

Thanks!
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss