Could security errata packages directly contain information on CVE/Red Hat severity, useful for PCI DSS compliance?
Issue
We need to comply with the PCI DSS v2.0 standard, section 6.2: "Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities."
For this, could Red Hat please provide the following information in the header of security errata RPM packages:
- CVE number/reference of affected CVEs
- CVE severity/severities
- Red Hat severity/Red Hat severities
We would like to be able to access this information using, e.g., rpm -q --listcve <rpm>.
Environment
- Red Hat Enterprise Linux (RHEL)