You need to use the rpm command. Each rpm package stores information about patches including date, small description and CVE number. You can use the -q query option to display change information for the package.
rpm –changelog option
Use the command as follows:
rpm -q --changelog {package-name}
rpm -q --changelog {package-name} | more
rpm -q --changelog {package-name} | grep CVE-NUMBER
For example find out if CVE-2008-1927 has been applied to perl package or not, enter:
# rpm -q --changelog perl|grep CVE-2008-1927
Sample output:
- CVE-2008-1927 perl: double free on regular expressions with utf8 characters
List all applied patches for php, enter:
# rpm -q --changelog php
OR
# rpm -q --changelog php | more
Sample output:
* Tue Jun 03 2008 Joe Orton <jorton@redhat.com> 5.1.6-20.el5_2.1 - add security fixes for CVE-2007-5898, CVE-2007-4782, CVE-2007-5899, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108 (#445923) * Tue Jan 15 2008 Joe Orton <jorton@redhat.com> 5.1.6-20.el5 - use magic.mime provided by file (#240845) - fix possible crash with setlocale() (#428675) * Thu Jan 10 2008 Joe Orton <jorton@redhat.com> 5.1.6-19.el5 - ext/date: fix test cases for recent timezone values (#266441) * Thu Jan 10 2008 Joe Orton <jorton@redhat.com> 5.1.6-18.el5 - ext/date: updates for system tzdata support (#266441) * Wed Jan 09 2008 Joe Orton <jorton@redhat.com> 5.1.6-17.el5 - ext/date: use system timezone database (#266441) * Tue Jan 08 2008 Joe Orton <jorton@redhat.com> 5.1.6-16.el5 - add dbase extension in -common (#161639) - add /usr/share/php to builtin include_path (#238455) - ext/ldap: enable ldap_sasl_bind (#336221) - ext/libxml: reset stream context (#298031) ......... ... .... * Fri May 16 2003 Joe Orton <jorton@redhat.com> 4.3.1-3 - link odbc module correctly - patch so that php -n doesn't scan inidir - run tests using php -n, avoid loading system modules * Wed May 14 2003 Joe Orton <jorton@redhat.com> 4.3.1-2 - workaround broken parser produced by bison-1.875 * Tue May 06 2003 Joe Orton <jorton@redhat.com> 4.3.1-1 - update to 4.3.1; run test suite - open extension modules with RTLD_NOW rather than _LAZY
How do I find CVE for a rpm file itself?
Above command will query installed package only. To query rpm file, enter:
$ rpm -qp --changelog rsnapshot-1.3.0-1.noarch.rpm | more
Further readings:
- rpm command man page: rpm(8)
🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.
🐧 3 comments so far... add one ↓
🐧 3 comments so far... add one ↓
Related Tutorials
| Category | List of Unix and Linux commands |
|---|---|
| Disk space analyzers | df • duf • ncdu • pydf |
| File Management | cat • cp • mkdir • tree |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Modern utilities | bat • exa |
| Network Utilities | NetHogs • dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • glances • gtop • jobs • killall • kill • pidof • pstree • pwdx • time • vtop |
| Searching | ag • grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Thanks for this. It beats the hell out of spending a half hour searching docs on RHN.
With installed yum-security plugin from RHEL6 (from me never worked on RHEL5) and above:
List available:
# yum updateinfo list availableList all available security updates without installing
# yum updateinfo list security all# yum updateinfo list sec
List currently installed:
# yum updateinfo list security installedThanks for the sharing commands. I will update this page soon.