I know how to update my system using the yum command. But how can I find out whether a patch has been applied to a package? How do I search for a CVE patch number applied to a package under a Red Hat Enterprise Linux/CentOS/RHEL/Fedora Linux based system?

You need to use the rpm command. Each rpm package stores a changelog that records its patches, including the date, a short description and the CVE number. Use the --changelog option together with the -q query option to display this change information for a package.

rpm --changelog option

Use the command as follows:
rpm -q --changelog {package-name}
rpm -q --changelog {package-name} | more
rpm -q --changelog {package-name} | grep CVE-NUMBER

For example, to find out whether the fix for CVE-2008-1927 has been applied to the perl package, enter:
# rpm -q --changelog perl|grep CVE-2008-1927
Sample output:

- CVE-2008-1927 perl: double free on regular expressions with utf8 characters

To list all applied patches for php, enter:
# rpm -q --changelog php
OR
# rpm -q --changelog php | more
Sample output:

* Tue Jun 03 2008 Joe Orton <jorton@redhat.com> 5.1.6-20.el5_2.1
- add security fixes for CVE-2007-5898, CVE-2007-4782, CVE-2007-5899,
  CVE-2008-2051, CVE-2008-2107, CVE-2008-2108 (#445923)
 
* Tue Jan 15 2008 Joe Orton <jorton@redhat.com> 5.1.6-20.el5
- use magic.mime provided by file (#240845)
- fix possible crash with setlocale() (#428675)
 
* Thu Jan 10 2008 Joe Orton <jorton@redhat.com> 5.1.6-19.el5
- ext/date: fix test cases for recent timezone values (#266441)
 
* Thu Jan 10 2008 Joe Orton <jorton@redhat.com> 5.1.6-18.el5
- ext/date: updates for system tzdata support (#266441)
 
* Wed Jan 09 2008 Joe Orton <jorton@redhat.com> 5.1.6-17.el5
- ext/date: use system timezone database (#266441)
 
* Tue Jan 08 2008 Joe Orton <jorton@redhat.com> 5.1.6-16.el5
- add dbase extension in -common (#161639)
- add /usr/share/php to builtin include_path (#238455)
- ext/ldap: enable ldap_sasl_bind (#336221)
- ext/libxml: reset stream context (#298031)
.........
... 
....
* Fri May 16 2003 Joe Orton <jorton@redhat.com> 4.3.1-3
- link odbc module correctly
- patch so that php -n doesn't scan inidir
- run tests using php -n, avoid loading system modules
 
* Wed May 14 2003 Joe Orton <jorton@redhat.com> 4.3.1-2
- workaround broken parser produced by bison-1.875
 
* Tue May 06 2003 Joe Orton <jorton@redhat.com> 4.3.1-1
- update to 4.3.1; run test suite
- open extension modules with RTLD_NOW rather than _LAZY

How do I find CVEs for an rpm file itself?

The commands above query installed packages only. To query an rpm file, add the -p option:
$ rpm -qp --changelog rsnapshot-1.3.0-1.noarch.rpm | more
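
An added example (not part of the original article): grep prints only the matching line, so for a wrapped entry such as CVE-2008-2051 in the php output above you do not see the date or the package release that carried the fix. The hypothetical helper cve_entry below reads `rpm -q --changelog` or `rpm -qp --changelog` output on stdin, matches the CVE ID as a whole token, and prints the header of the changelog entry that names it. The sample changelog is constructed from the php output on this page.

```shell
#!/bin/sh
# cve_entry CVE-ID  (hypothetical helper name, not an rpm feature)
# Reads changelog text on stdin, prints the "* date author version" header
# of every entry that mentions the CVE. Exit status 0 if found, 1 if not.
cve_entry() {
    awk -v cve="$1" '
        /^\* / { header = $0; next }      # a new changelog entry starts here
        {
            # Split on anything that cannot be part of a CVE ID, so that
            # CVE-2008-205 does not match CVE-2008-2051 as a prefix.
            n = split($0, tok, /[^A-Za-z0-9-]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] == cve && !(header in seen)) {
                    seen[header] = 1      # report each entry only once
                    print header
                    found = 1
                }
        }
        END { exit !found }
    '
}

# Constructed sample input: two entries copied from the php output above.
sample_changelog() {
    cat <<'EOF'
* Tue Jun 03 2008 Joe Orton <jorton@redhat.com> 5.1.6-20.el5_2.1
- add security fixes for CVE-2007-5898, CVE-2007-4782, CVE-2007-5899,
  CVE-2008-2051, CVE-2008-2107, CVE-2008-2108 (#445923)

* Tue Jan 15 2008 Joe Orton <jorton@redhat.com> 5.1.6-20.el5
- use magic.mime provided by file (#240845)
- fix possible crash with setlocale() (#428675)
EOF
}

# On a real system: rpm -q --changelog php | cve_entry CVE-2008-2051
sample_changelog | cve_entry CVE-2008-2051
```

A non-zero exit status only means the changelog text does not name that CVE ID.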

Further readings:
  • rpm command man page: rpm(8)

3 comments
  • jeff Oct 2, 2008 @ 14:28

    Thanks for this. It beats the hell out of spending a half hour searching docs on RHN.

  • hjozso Jan 26, 2016 @ 11:37

    With the yum-security plugin installed, from RHEL6 (for me it never worked on RHEL5) and above:
    List available:
    # yum updateinfo list available

    List all available security updates without installing
    # yum updateinfo list security all
    # yum updateinfo list sec

    List currently installed:
    # yum updateinfo list security installed

    • 🐧 Vivek Gite Jan 26, 2016 @ 14:02

      Thanks for sharing the commands. I will update this page soon.
