How to find Patch Number or Command Execution Vulnerability(CVE) has been installed in RHEL/OEL/Centos
CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. The security flaw that's been assigned a CVE ID number.
We use the rpm command to find the CVE. Each rpm package stores information about patches including date, small description, and CVE number.
Use the -q query option to display change information for the package.
rpm –changelog option
Use the command as follows:
rpm -q --changelog {package-name}
rpm -q --changelog {package-name} | more
rpm -q --changelog {package-name} | grep CVE-NUMBER
If we want to find out if CVE-2015-3183 has been applied to httpd package or not, enter:
# rpm -q --changelog httpd|grep CVE-2015-3183
Find for a kernel
# rpm -q --changelog kernel| more
OR
# rpm -q --changelog httpd | more
Sample output:
# rpm -q --changelog httpd |grep -i CVE
- updated patch for CVE-2016-8743
- Resolves: #1412975 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 httpd: various
- add security fix for CVE-2016-5387
- core: fix chunk header parsing defect (CVE-2015-3183)
and ap_force_authn hook (CVE-2015-3185)
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_cgid: add security fix for CVE-2014-0231 (#1120608)
- mod_proxy: add security fix for CVE-2014-0117 (#1120608)
- mod_deflate: add security fix for CVE-2014-0118 (#1120608)
- mod_status: add security fix for CVE-2014-0226 (#1120608)
- mod_cache: add secutiry fix for CVE-2013-4352 (#1120608)
- mod_dav: add security fix for CVE-2013-6438 (#1077907)
- mod_log_config: add security fix for CVE-2014-0098 (#1077907)
Find CVE for an rpm file
The above command will query the installed package only. To query the rpm file use the below.
# rpm -qp --changelog httpd-1.3.0-1.noarch.rpm | more
Post a Comment
Post a Comment