Find Out If Patch Number ( CVE ) Has Been Applied To RHEL / CentOS Linux

I know how to update my system using the yum command. But how can I find out whether a patch has been applied to a package? How do I search for a CVE patch number applied to a package under a Red Hat Enterprise Linux/CentOS/RHEL/Fedora Linux based system?

You need to use the rpm command. Each rpm package carries a changelog that records the patches applied to it, including the date, a short description and the CVE number. Use the -q query option together with --changelog to display this change information for the package.

rpm --changelog option

Use the command as follows:
rpm -q --changelog {package-name}
rpm -q --changelog {package-name} | more
rpm -q --changelog {package-name} | grep CVE-NUMBER

For example, to find out whether CVE-2008-1927 has been applied to the perl package, enter:
# rpm -q --changelog perl|grep CVE-2008-1927
Sample output:

- CVE-2008-1927 perl: double free on regular expressions with utf8 characters

To list all applied patches for php, enter:
# rpm -q --changelog php
# rpm -q --changelog php | more
Sample output:

* Tue Jun 03 2008 Joe Orton <> 5.1.6-20.el5_2.1
- add security fixes for CVE-2007-5898, CVE-2007-4782, CVE-2007-5899,
  CVE-2008-2051, CVE-2008-2107, CVE-2008-2108 (#445923)
* Tue Jan 15 2008 Joe Orton <> 5.1.6-20.el5
- use magic.mime provided by file (#240845)
- fix possible crash with setlocale() (#428675)
* Thu Jan 10 2008 Joe Orton <> 5.1.6-19.el5
- ext/date: fix test cases for recent timezone values (#266441)
* Thu Jan 10 2008 Joe Orton <> 5.1.6-18.el5
- ext/date: updates for system tzdata support (#266441)
* Wed Jan 09 2008 Joe Orton <> 5.1.6-17.el5
- ext/date: use system timezone database (#266441)
* Tue Jan 08 2008 Joe Orton <> 5.1.6-16.el5
- add dbase extension in -common (#161639)
- add /usr/share/php to builtin include_path (#238455)
- ext/ldap: enable ldap_sasl_bind (#336221)
- ext/libxml: reset stream context (#298031)
* Fri May 16 2003 Joe Orton <> 4.3.1-3
- link odbc module correctly
- patch so that php -n doesn't scan inidir
- run tests using php -n, avoid loading system modules
* Wed May 14 2003 Joe Orton <> 4.3.1-2
- workaround broken parser produced by bison-1.875
* Tue May 06 2003 Joe Orton <> 4.3.1-1
- update to 4.3.1; run test suite
- open extension modules with RTLD_NOW rather than _LAZY
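
An added example, not part of the original article: grep prints only the matching line, and in a wrapped entry like the first php entry above that line carries no date or version. The hypothetical helper cve_fixed_in below prints the header of each changelog entry that mentions an exact CVE ID; the sample data is copied from the output above.

```shell
#!/bin/sh
# cve_fixed_in CVE-ID
# Reads `rpm -q --changelog <package>` output on stdin and prints the header
# line ("* date author version-release") of every entry that mentions the ID.
# Returns 0 if the ID was found, 1 otherwise. (Helper name is hypothetical.)
cve_fixed_in() {
    awk -v cve="$1" '
        # A line starting with "* " opens a new changelog entry.
        /^\* / { header = $0; printed = 0; next }
        {
            # Split into tokens so that only a whole ID matches:
            # CVE-2008-205 must not match CVE-2008-2051.
            n = split($0, tok, /[^A-Za-z0-9-]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] == cve && !printed) {
                    print header      # date and version-release of the fix
                    printed = 1
                    found = 1
                }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Sample input: first lines of the php changelog shown above.
sample_changelog() {
cat <<'EOF'
* Tue Jun 03 2008 Joe Orton <> 5.1.6-20.el5_2.1
- add security fixes for CVE-2007-5898, CVE-2007-4782, CVE-2007-5899,
  CVE-2008-2051, CVE-2008-2107, CVE-2008-2108 (#445923)
* Tue Jan 15 2008 Joe Orton <> 5.1.6-20.el5
- use magic.mime provided by file (#240845)
- fix possible crash with setlocale() (#428675)
EOF
}

# On a live system: rpm -q --changelog php | cve_fixed_in CVE-2008-2051
sample_changelog | cve_fixed_in CVE-2008-2051
```

The changelog is free text written by the packager, so a missing ID means only that the changelog does not mention it.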

How do I find the CVE for an rpm file itself?

The above commands query installed packages only. To query an rpm file, enter:
$ rpm -qp --changelog rsnapshot-1.3.0-1.noarch.rpm | more

Further readings:
  • rpm command man page: rpm(8)

3 comments
  • jeff Oct 2, 2008 @ 14:28

    Thanks for this. It beats the hell out of spending a half hour searching docs on RHN.

  • hjozso Jan 26, 2016 @ 11:37

    With the yum-security plugin installed, on RHEL6 and above (it never worked for me on RHEL5):
    List available:
    # yum updateinfo list available

    List all available security updates without installing:
    # yum updateinfo list security all
    # yum updateinfo list sec

    List currently installed:
    # yum updateinfo list security installed

    • 🐧 Vivek Gite Jan 26, 2016 @ 14:02

      Thanks for sharing the commands. I will update this page soon.
