A CVE tool

Latest response

Redhat publishes CVE's. Which is good :)

 

What would be better, is a small (and lite weight) tool which can understand the CVE file format and looks in your local installation (rpm database) to see if any of these cve's impact the system.

 

This little tool could then be the building block for satellite things etc.

 

Something like...

 

cve_checker --help

cve_checker --file http://my.local.server/latest-cve.xml

cve_checker --file file:////tmp/where/cron/put/it/latest-cve.xml --output xml

cve_checker --config /etc/cve_check/cve_check.conf

 

So the cve file location can be specified, different outputs can be provided to provide nice inputs for other scripts....

 

Ok,  i agree that XML is not a nice input for other scripts or commands...

de
Log in to join the conversation

Responses

rh Red Hat Guru 1429 points
29 November 2011 10:44 AM

Hi

 

  You might like to check out checksosreport which allows one to see the packages on system, and the changelog in question.

 

 

sample o/p

 

....

acl-2.2.49-4.el6-x86_64 should be acl-2.2.49-5.el6-x86_64 (rhel-x86_64-workstation-fastrack-6)
2011-06-27 12:00:00
Kamil Dudka <kdudka@redhat.com> 2.2.49-5
- clarify that removing a non-existent acl entry is not an error (#674883)
- update project URL in package specification (#702638)
...
 

 

 

Cheers

Robin Price's picture Red Hat Expert 845 points
5 December 2011 8:59 PM

Red Hat vulnerabilities by CVE name:

http://www.redhat.com/security/data/cve/

 

From RHEL with yum:

http://magazine.redhat.com/2008/01/16/tips-and-tricks-yum-security/

 

~rp