What is Red Hat's security patch and backport practice?
Environment
- Red Hat Enterprise Linux (RHEL)
- Red Hat Enterprise Virtualization (RHEV)
- Red Hat JBoss Middleware Products
Issue
- What is Red Hat's security patch and backport practice?
- Are Red Hat packages the upstream versions?
- Are all known security issues resolved in a package version?
- Will Red Hat fix future security issues in packages as they are discovered?
Resolution
-
Red Hat will backport security patches and fixes to packages as per the following
-
Security vulnerabilities are given a score which is calculated from the impact of the vulnerability
-
Always refer to the product specific life cycle for the current security support criteria
-
If you have a specific vulnerability and you wish to confirm if it has been patched, then you may browse our CVE database
Additional Information
-
Notifications and Advisories
-
Subscribing to our mailing lists
- rhsa-announce if you want advisories for every Red Hat product and service
- rhev-watch-list if you want advisories only for Red Hat Enterprise Virtualization products
- jboss-watch-list if you want advisories only for Red Hat JBoss Middleware products
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
3 Comments
I want to know how to tell what patches are missing when backporting is used.
See https://access.redhat.com/solutions/10021 For any further detail please open a support ticket
You can try the RPM changelog vs the upstream changelog.