-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I have list of package names with version (e.g., glibc-2.12-1.209.el6_9.1) and I need to see CVE present for this or not #71
Comments
First, if you're keeping your RHEL system up-to-date with the latest packages provided by Red Hat and it's just one package you're interested in, I would recommend checking this answer in the readme: That example could be used verbatim for RHEL6 to see if there are any outstanding CVEs for the latest version of glibc. On the other hand, if you have a list of package names of specific versions, you would be better off just using yum on the system in question. yum yum yumOn the following test machine, I have an old version of glibc, and you can see that I'm registered, because a newer version is available.
Of course, in a perfect world, I would just update, but ... To check for available security-specific fixes
That shows me that YES there the latest version of glibc available does include some security fixes of severity moderate or less. Drop the trailing To see CVEs specifically
This tells me that upgrading to v157.el7_3.4 will fix one CVE, and upgrading to the latest v196 will fix 5 additional CVEs. To see one specific CVE
That tells me that the CVE in question is already patched by my installed version. To be sure, I can do:
|
(Question sent to me via email.)
The text was updated successfully, but these errors were encountered: