On Thu, 21 Sep 2006, Jeremy C. Reed wrote:

> Does anyone know of a tool for checking if installed packages on a CentOS
> system have known vulnerabilities?

If you are current in updates, the default CentOS installs all have yum configs which apply all security related updates for supported repositories automatically -- run yum; reboot if the glibc, the kernel, libraries or other 'key' packages are updated. All done.

Running:

    rpm -q --changelog packagename

usually mentions the CVE, etc. numbers addressed, if you wish to tick off that they are addressed.

There is NO substitute for having and reading a subscription to the centos-announce mailing list, which carries all notifications, in a convenient (to procmail) parsable form; a subscription to the upstream's security announcement mailing lists for your major release level is also a good idea.

Our worst case lags since project inception have been less than 3 days after the upstream, as to security updates.

-- Russ Herrold
(also herrold@centos.org, who handles the 'security' role account for the project.)

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
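
The "tick off" step described in the reply above can be scripted. This is an added example, not part of the original message or of any CentOS tool: the function names, the sample changelog and the CVE ids in it are constructed placeholders, and it assumes a grep that supports -o. On a real system the input would be piped in as `rpm -q --changelog packagename | check_cves CVE-...`.

```shell
#!/bin/sh
# Added example: tick off CVE ids against RPM changelog text read on stdin.

# Print the unique CVE ids mentioned in the changelog, one per line.
# Older entries use the CAN- candidate prefix; it is normalised to CVE-.
cves_in_changelog() {
    grep -oE '(CVE|CAN)-[0-9]{4}-[0-9]{4,}' | sed 's/^CAN-/CVE-/' | LC_ALL=C sort -u
}

# check_cves ID...   (changelog on stdin)
# Prints one status line per requested id; returns 1 if any id is not mentioned.
check_cves() {
    found=$(cves_in_changelog)
    rc=0
    for id in "$@"; do
        # -x -F: whole-line literal match, so a shorter id cannot match a longer one
        if printf '%s\n' "$found" | grep -qxF "$id"; then
            echo "addressed $id"
        else
            echo "MISSING   $id"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in the layout rpm prints; the ids are placeholders.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.invalid> - 1.0-3
- fix buffer overflow in parser (CVE-0000-1111)
- backport fix for CAN-0000-2222

* Sun Dec 31 2000 Example Packager <packager@example.invalid> - 1.0-2
- resolves: CVE-0000-33333, CVE-0000-1111
EOF
}

# Demo: two ids are mentioned in the sample, the third is not.
sample_changelog | check_cves CVE-0000-1111 CVE-0000-2222 CVE-0000-9999 || true
```

A missing id only means the changelog does not mention it; the package may be unaffected, or the fix may be recorded under a different identifier.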