A CVE tool


Red Hat publishes CVEs. Which is good :)


What would be better is a small (and lightweight) tool which can understand the CVE file format and looks in your local installation (rpm database) to see if any of these CVEs impact the system.


This little tool could then be the building block for satellite things etc.


Something like...


cve_checker --help

cve_checker --file http://my.local.server/latest-cve.xml

cve_checker --file file:////tmp/where/cron/put/it/latest-cve.xml --output xml

cve_checker --config /etc/cve_check/cve_check.conf


So the CVE file location can be specified, and different outputs can be provided to provide nice inputs for other scripts...


OK, I agree that XML is not a nice input for other scripts or commands...




You might like to check out checksosreport, which allows one to see the packages on the system and the changelog in question.



Sample output:



acl-2.2.49-4.el6-x86_64 should be acl-2.2.49-5.el6-x86_64 (rhel-x86_64-workstation-fastrack-6)
2011-06-27 12:00:00
Kamil Dudka <kdudka@redhat.com> 2.2.49-5
- clarify that removing a non-existent acl entry is not an error (#674883)
- update project URL in package specification (#702638)
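
The core check both posts rely on, deciding whether an installed build is older than the build that carries the fix, shown as an added example (not code from checksosreport or any Red Hat tool). The advisory tuples, package names and CVE ids are constructed placeholders; the real feed format is not reproduced here, and `'^'` handling from newer rpm versions is omitted.

```python
import re
from itertools import zip_longest

_TOKEN = re.compile(r"[0-9]+|[A-Za-z]+|~")  # separators (., _, +, ...) only delimit segments

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does (no '^' support)."""
    for x, y in zip_longest(_TOKEN.findall(a), _TOKEN.findall(b)):
        if x == "~" or y == "~":              # '~' sorts before everything, even end of string
            if x == y:
                continue
            return -1 if x == "~" else 1
        if x is None or y is None:            # the string with segments left over is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():        # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:                          # 10 > 9 numerically; letters compare as strings
            return -1 if kx < ky else 1
    return 0

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples: epoch first, then version, then release."""
    return (a[0] > b[0]) - (a[0] < b[0]) or rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def parse_installed(text):
    r"""Parse output of: rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n'"""
    pkgs = {}
    for line in filter(str.strip, text.splitlines()):
        name, epoch, ver, rel = line.split()
        pkgs.setdefault(name, []).append((0 if epoch == "(none)" else int(epoch), ver, rel))
    return pkgs

def affected(installed, advisories):
    """Return (cve, name, installed_evr, fixed_evr) for each installed build older than the fix."""
    return [(cve, name, evr, fixed) for cve, name, fixed in advisories
            for evr in installed.get(name, []) if evr_cmp(evr, fixed) < 0]

# Constructed sample data: package names and CVE ids are placeholders, not real advisories.
INSTALLED = "examplelib (none) 2.2.49 4.el6\nexampled 1 0.9.8 12.el6\nexampletool (none) 1.10 1.el6\n"
ADVISORIES = [("CVE-PLACEHOLDER-1", "examplelib", (0, "2.2.49", "5.el6")),
              ("CVE-PLACEHOLDER-2", "exampled", (0, "1.0.1", "3.el6")),     # installed epoch 1 wins
              ("CVE-PLACEHOLDER-3", "exampletool", (0, "1.9", "7.el6"))]   # 1.10 is newer than 1.9

if __name__ == "__main__":
    for cve, name, have, want in affected(parse_installed(INSTALLED), ADVISORIES):
        print(f"{name}-{have[1]}-{have[2]} should be {name}-{want[1]}-{want[2]} ({cve})")
```

A plain string comparison would flag `exampletool` (since "1.10" sorts before "1.9") and `exampled` (ignoring the epoch), which is why the segment-wise comparison matters for avoiding false positives.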




Red Hat vulnerabilities by CVE name:



From RHEL with yum: