Re: installed package vulnerability checker for Red Hat/Cent…

Author: der.hans
Date:  
To: Main PLUG discussion list
Subject: Re: installed package vulnerability checker for Red Hat/Centos?
On 21 Sep 2006, Jeremy C. Reed chatted thus:

> Does anyone know of a tool for checking if installed packages on a CentOS
> system have known vulnerabilities?


Not quite what you want, but the closest I know of for GNU/Linux
distros...

Debian and Ubuntu have their package list files up for the package
managers. They also make the changelogs available, so you can see what
was changed in a package before downloading it.

The update manager in Ubuntu 6.0.6 allows you to show details and get the
changelog as part of the upgrade.

I don't know if RH has a similar mechanism for pulling up changelogs.

You can check for packages that have fixes for security problems by only
having the security feed available for upgrade, but that's still not quite
what you want, I think.

ciao,

der.hans

>
> I know yum can be used to indicate if updates are available.
>
> But I am looking for something like NetBSD Pkgsrc's audit-packages or
> FreeBSD's portaudit -- list name and version of installed package and an
> item and/or URL about the vulnerability. For example:
>
> Package xzgv-0.8.0.1nb1 has a remote-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1060
>
> Thanks!
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>


-- 
#  https://www.LuftHans.com/        http://www.CiscoLearning.org/
#  Join the League of Professional System Administrators! https://LOPSA.org/
#  To announce that there must be no criticism of the President, or that we
#  are to stand by the President, right or wrong, is not only unpatriotic
#  and servile, but is morally treasonable to the American public.
#  -- Theodore Roosevelt, editorial in the Kansas City Star, 07May1918
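
Added example, not part of the original message and not the code of audit-packages, portaudit or yum: a minimal sketch of the kind of check the question describes, matching an installed-package inventory against an advisory list and printing name, version and URL. The advisory layout, the version bounds, `examplepkg`, `otherpkg` and the `advisories.example` URL are constructed assumptions, and the version ordering is simplified rather than RPM's own.

```python
import re

# Constructed advisory list: "<name><op><version> <type> <url>" per line.
# The layout and the version bounds are assumptions made for this example.
ADVISORIES = """\
xzgv<0.8.0.2 remote-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1060
examplepkg<=1.4 denial-of-service http://advisories.example/EXAMPLE-1
"""

# Constructed inventory, one "name version" pair per line. On an RPM system
# this could come from: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
INSTALLED = """\
xzgv 0.8.0.1nb1
examplepkg 1.4.1
otherpkg 2.0
"""

PATTERN = re.compile(r"^([A-Za-z0-9_+.-]+?)(<=|<)(\S+)$")

def version_key(version):
    """Simplified ordering (not rpmvercmp): digit runs compare as numbers,
    letter runs as strings, and a letter run sorts below a digit run."""
    return [(1, int(t)) if t.isdigit() else (0, t)
            for t in re.findall(r"\d+|[A-Za-z]+", version)]

def parse_advisories(text):
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or line.startswith("#"):
            continue  # skip comments and malformed lines
        m = PATTERN.match(fields[0])
        if m:
            rules.append((m.group(1), m.group(2), m.group(3), fields[1], fields[2]))
    return rules

def audit(installed_text, advisory_text):
    rules, findings = parse_advisories(advisory_text), []
    for name, version in (l.split() for l in installed_text.splitlines() if l.strip()):
        have = version_key(version)
        for rname, op, bound, kind, url in rules:
            limit = version_key(bound)
            if rname == name and (have < limit or (op == "<=" and have == limit)):
                findings.append(f"Package {name}-{version} has a {kind} "
                                f"vulnerability, see {url}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(INSTALLED, ADVISORIES)))
```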