Why does a Red Hat Product Advisory for a CVE show a higher version than what is currently marked as "latest"?

Solution Verified - Updated -

Issue

  • A Red Hat Product Advisory shows that a package with a lesser version number is more current than a higher version number
  • A security scanning tool says a CVE was not patched because the version of an installed package is lesser than Red Hat's version published in the CVE's corresponding Red Hat Product Advisory

Environment

Red Hat Enterprise Linux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content