rpm -q --changelog openssl

When I run the command below on my system
rpm --query --changelog openssl |grep CVE-2016-2108

and the response is below, does that mean that this CVE is patched on this system?

  • fix CVE-2016-2108 - memory corruption in ASN.1 encode

The reason I ask is that in some CVEs it says "fixed" while others say "fix". Does that matter?

Responses

Hi Gene,

Yes, that says that the 'openssl' is patched with that CVE in question. You may also use the command

yum updateinfo list cves installed |grep CVE-2016-2108

to find out if that CVE is already installed on your system. You may have to install "yum-plugin-security" if this is RHEL6.x; please refer to this KB for more details: https://access.redhat.com/solutions/10021

Whether the changelog says "fix" or "fixed" doesn't matter. The changelog is written by humans, so it's just whatever tense the author chose to use at that time.
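Added example, not part of the thread or of any Red Hat tooling: a shell helper that reads `rpm -q --changelog` output and reports which changelog entry mentions a CVE, matching the ID as a whole token so the "fix"/"fixed" wording is irrelevant and a shorter ID does not match a longer one. The function names and the sample changelog (packager, dates on placeholder builds, version-release strings, `CVE-0000-0001`) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `rpm -q --changelog`.
# Packager and version-release strings are placeholders, not real builds.
sample_changelog() {
cat <<'EOF'
* Mon May 02 2016 Example Packager <packager@example.com> 0.0.2-2.example
- fix CVE-2016-2108 - memory corruption in ASN.1 encode
- fixed CVE-0000-0001 - constructed entry written in the past tense

* Tue Mar 01 2016 Example Packager <packager@example.com> 0.0.2-1.example
- constructed entry with no CVE reference
EOF
}

# cve_entries CVE-ID
# Reads changelog text on stdin and prints "<entry header> | <changelog line>"
# for every line that mentions exactly that CVE ID.
cve_entries() {
    awk -v cve="$1" '
        /^\* / { header = substr($0, 3); next }   # "* date packager version"
        {
            rest = $0
            while ((i = index(rest, cve)) > 0) {
                # Reject a hit that is only a prefix of a longer ID,
                # e.g. CVE-2016-210 inside CVE-2016-2108.
                after = substr(rest, i + length(cve), 1)
                if (after !~ /[0-9]/) { print header " | " $0; break }
                rest = substr(rest, i + length(cve))
            }
        }
    '
}

# cve_in_changelog CVE-ID
# Exit status 0 if the changelog on stdin mentions the CVE, 1 otherwise.
cve_in_changelog() {
    [ -n "$(cve_entries "$1")" ]
}

# On a real system:  rpm -q --changelog openssl | cve_entries CVE-2016-2108
sample_changelog | cve_entries CVE-2016-2108
```

The header printed with each hit ends in the version-release of the build that introduced the entry, which can be compared against the output of `rpm -q openssl`.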
