Find the changelog / security log of a Linux rpm package

by Vivek Gite · 0 comments

Here is a little known secret that allows you to view the change log of a package. Using --changelog option you can find out if particular security bug is fixed or not. This is extremely useful option for production boxes.

For example CVE-2007-1864 documents that php has serious buffer overflow in the bundled libxmlrpc library in PHP before v4.4.7, and 5.x before 5.2.2. It has unknown impact and remote attack vectors. Now how do you know if this bug is fixed or not in your installed php version? Simply type the following command:
rpm -q --changelog php
Better use piped out output using less:
rpm -q --changelog php | less
Output:

* Wed Apr 04 2007 Joe Orton  5.1.6-12.el5
- add security fix for CVE-2007-1864, SOAP redirect handling issue,
  FTP CRLF injection issue (#235016)

* Wed Apr 04 2007 Joe Orton  5.1.6-11.el5
- add security fix for CVE-2007-1718 (#235016)

* Tue Apr 03 2007 Joe Orton  5.1.6-9.el5
- add security fix for CVE-2007-1583 (#235016)
- add security fixes for CVE-2007-0455, CVE-2007-1001 (#235036)

* Fri Mar 09 2007 Joe Orton  5.1.6-7.el5
- add security fix for CVE-2007-1285 (#231597)

* Fri Feb 16 2007 Joe Orton  5.1.6-6.el5
- add security fixes for: CVE-2007-0906, CVE-2007-0907,
  CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#229013)

* Tue Dec 19 2006 Joe Orton  5.1.6-5.el5
- fix version for php-zend-abi (#218758)

* Thu Nov 23 2006 Joe Orton  5.1.6-4.el5
- php-xml provides php-domxml (#215656)
- fix php-pdo-abi provide (#214281)
- provide php-zend-abi (#212804)
- don't Obsolete mod_php
- fix PDO sqlite TEXT extraction truncate-by-one (#217033)
- package php{ize,-config} man pages in -devel (#199382)
- change module subpackages to require php-common not php (#177821)
- add security fix for CVE-2006-5465 (#216114)
......
...
.....

Following command look at the kernel package changelog:
rpm -q --changelog kernel|less

This option allows you to view change log w/o visiting vendors / distributions website. The --changelog option only works with rpm based package and distro such as RHEL / CentOS / Fedora / Suse etc. RPM is a very powerful utility and I hope this small tip will save lot of time. For more information read rpm command man page.

Featured Articles:

Want to read Linux tips and tricks, but don't have time to check our blog everyday? Subscribe to our daily email newsletter to make sure you don't miss a single tip/tricks. Subscribe to our weekly newsletter here!

{ 0 comments… add one now }

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Tagged as: , , , , ,

Previous post:

Next post: