Could security errata packages directly contain information on CVE/Red Hat severity, useful for PCI DSS compliance?

Issue

We need to comply with the PCI DSS v2.0 standard, section 6.2 and "Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities."

For this, could Red Hat please provide the following information in the header of security errata RPM packages:

  • CVE number/reference of affected CVEs
  • CVE severity/severities
  • Red Hat severity/Red Hat severities

We would like to be able to access this information using, e.g., rpm -q --listcve <rpm>.

Environment

  • Red Hat Enterprise Linux (RHEL)
