Could security errata packages directly contain information on CVE/Red Hat severity, useful for PCI DSS compliance?
Issue
We need to comply with the PCI DSS v2.0 standard, section 6.2 and "Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities."
For this, could Red Hat please provide the following information in the header of security errata RPM packages:
- CVE number/reference of affected CVEs
- CVE severity/severities
- Red Hat severity/Red Hat severities
We would like to be able to access this information using e.g. rpm -q --listcve <rpm>.
Environment
- Red Hat Enterprise Linux (RHEL)
