A CVE tool

Redhat publishes CVE's. Which is good :)

What would be better, is a small (and lite weight) tool which can understand the CVE file format and looks in your local installation (rpm database) to see if any of these cve's impact the system.

This little tool could then be the building block for satellite things etc.

Something like...

cve_checker --help

cve_checker --file http://my.local.server/latest-cve.xml

cve_checker --file file:////tmp/where/cron/put/it/latest-cve.xml --output xml

cve_checker --config /etc/cve_check/cve_check.conf

So the cve file location can be specified, different outputs can be provided to provide nice inputs for other scripts....

Ok,  i agree that XML is not a nice input for other scripts or commands...