Could security errata packages directly contain information on CVE/Red Hat severity, useful for PCI DSS compliance?


Issue

We need to comply with the PCI DSS v2.0 standard, section 6.2, "Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities."

For this, could Red Hat please provide the following information in the header of security errata RPM packages:

  • CVE number/reference of affected CVEs
  • CVE severity/severities
  • Red Hat severity/Red Hat severities

We would like to be able to access this information using, e.g., rpm -q --listcve <rpm>.

Environment

  • Red Hat Enterprise Linux (RHEL)
