On Thu, 21 Sep 2006, Jeremy C. Reed wrote:
> Does anyone know of a tool for checking if installed packages on a CentOS
> system have known vulnerabilities?

If you are current in updates, the default CentOS installs all
have yum configs which apply all security related updates for
supported repositories automatically -- run yum; reboot if the
glibc, the kernel, libraries or other 'key' packages are
updated. All done. Running:

    rpm -q --changelog packagename

usually mentions the CVE, etc. numbers addressed, if you wish
to tick off that they are addressed.

There is NO substitute for having and reading a subscription to
the centos-announce mailing list, which carries all
notifications, in a convenient (to procmail) parsable form; a
subscription to the upstream's security announcement mailing
lists for your major release level is also a good idea.

Our worst case lags since project inception have been less
than 3 days after the upstream, as to security updates.

-- Russ Herrold
(also herrold@centos.org, who handles the
'security' role account for the project.)
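
The changelog check mentioned in the reply above, scripted as an added example (not part of the original message or of any CentOS tooling). The function names, the sample changelog and the CVE-2006-0000 / CAN-2005-0000 / CVE-2006-1111 identifiers are constructed placeholders; CAN- is the older candidate prefix that changelogs of that period also used.

```shell
#!/bin/sh
# Added example: tick off advisory IDs against `rpm -q --changelog` output.

# Print the unique CVE/CAN identifiers found in changelog text on stdin.
changelog_ids() {
    grep -oE '(CVE|CAN)-[0-9]{4}-[0-9]{4,}' | sort -u
}

# check_ids ID...: read changelog text on stdin and print one line per
# wanted ID ("addressed" or "NOT FOUND"). Returns 1 if any ID is missing.
check_ids() {
    found=$(changelog_ids)
    missing=0
    for id in "$@"; do
        if printf '%s\n' "$found" | grep -qxF "$id"; then
            echo "$id addressed"
        else
            echo "$id NOT FOUND"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample in the layout `rpm -q --changelog` prints.
# All names and identifiers in it are placeholders.
sample_changelog() {
    cat <<'EOF'
* Tue Sep 12 2006 Example Packager <packager@example.com> 1.2.3-4
- fix buffer overflow in header parsing (CVE-2006-0000)

* Mon Jan 09 2006 Example Packager <packager@example.com> 1.2.3-2
- backport fix for CAN-2005-0000
- rebuild
EOF
}

# Demo on the constructed sample; the second ID is deliberately absent.
sample_changelog | check_ids CVE-2006-0000 CVE-2006-1111 || true

# On an installed package:
#   rpm -q --changelog packagename | check_ids CVE-2006-0000
```

A "NOT FOUND" result only means the changelog does not name that ID; since changelogs usually, not always, mention the numbers, confirm against the centos-announce notification before treating the package as unpatched.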
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us