How to check whether list of CVEs are fixed or not?

Support for security such as Firewalls and securing linux
sreedhar0308
Posts: 1
Joined: 2019/10/28 08:09:21

How to check whether list of CVEs are fixed or not?

Post by sreedhar0308 » 2019/10/28 08:31:43

I want to check whether a list of CVEs is fixed or not in CentOS 8. I tried this command "rpm -qip --changelog *.rpm | grep CVE_XXXX_XXXX". This is not helping me. For example, if CVE_XXXX_XXXX is fixed in CentOS 7.7, then it's showing in CentOS 8.

The requirement is: if I search for CVE-X in CentOS 8, then it should show whether the CVE is fixed in the current release or in previous releases.
Is there any command for this?

Please provide your inputs.

Thank you.

TrevorH
Forum Moderator
Posts: 26923
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to check whether list of CVEs are fixed or not?

Post by TrevorH » 2019/10/28 10:10:20

The command you want is rpm -q --changelog $packagename for each package you want to look at the changelog for. This will require the package to be installed. If you have the packages downloaded and not installed then you need to amend the command to use -qp and add the full filename to the command instead of just the package name.

> The requirement is If I search for CVE-X in CentOS8, then it should show whether CVE is fixed in current release or in previous releases.

No. Using rpm -q --changelog just tells you if it's fixed. It doesn't tell you about when it was fixed, for that you need to look at the changelog in more detail and extract the date lines from it as well. The important thing is "is it fixed" not when.
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke
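
Added example, not part of the posts above: a shell sketch of the approach in the reply, which searches a package changelog for each CVE id and prints the date line of the entry that mentions it. The function names, the CVE ids and the sample changelog are constructed for illustration; only `rpm -q --changelog` comes from the thread.

```shell
#!/bin/sh
# cve_fix_entries CVE-ID  (reads `rpm -q --changelog` text on stdin)
# Prints the header line ("* date packager - version-release") of every
# changelog entry that mentions the CVE id.
cve_fix_entries() {
    awk -v cve="$1" '
        /^\* / { header = $0; seen = 0; next }   # a new changelog entry starts
        # Require a non-digit (or end of line) after the id, so that
        # CVE-0000-1111 does not also match CVE-0000-11112.
        !seen && $0 ~ (cve "([^0-9]|$)") { print header; seen = 1 }
    '
}

# check_package PACKAGE CVE-ID...
# Needs the package to be installed, as the reply points out.
check_package() {
    pkg=$1; shift
    log=$(rpm -q --changelog "$pkg") || return 1
    for cve in "$@"; do
        hit=$(printf '%s\n' "$log" | cve_fix_entries "$cve")
        printf '%s %s: %s\n' "$pkg" "$cve" "${hit:-not mentioned in changelog}"
    done
}

# Constructed sample changelog (placeholder CVE ids, packager and versions).
sample_changelog() {
cat <<'EOF'
* Tue Oct 08 2019 Example Packager <pkg@example.com> - 1.0-3
- Fix CVE-0000-11112 (constructed entry)

* Mon Jan 14 2019 Example Packager <pkg@example.com> - 1.0-2
- Fix CVE-0000-1111 (constructed entry)
- Rebuild for new toolchain
EOF
}

# Demo on the constructed sample: prints the 14 Jan 2019 header line.
sample_changelog | cve_fix_entries CVE-0000-1111
```

On a real system the call would be `check_package PACKAGE CVE-ID...` for each installed package of interest; note that CVE ids are written with hyphens, so the pattern has to use hyphens rather than underscores.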
