Searching for package updates by relevant Common Vulnerabilities and Exposures (CVE) number

Solution Verified


  • Red Hat Customer Portal


  • How do I look for package updates by relevant Common Vulnerabilities and Exposures (CVE) numbers?
  • How do I know if a CVE name affects a Red Hat Enterprise Linux package?
  • Where can I find more information about a particular CVE?
  • How do I determine if the installed packages include the CVE fixes?


Common Vulnerabilities and Exposures provide standard, vendor-independent names for information security issues (i.e., security vulnerabilities and exposures). CVEs are used in security-related communications such as Red Hat errata, other vendors' security bulletins, and bug tracking systems. System and network administrators are often asked to ensure their systems are patched for a specific CVE. There are a number of ways to tell if a package is affected by or has received a fix for a given CVE:

  • Use the Red Hat CVE Database to navigate to or search for a given CVE and see how the MITRE CVE dictionary describes the issue, as well as the Common Vulnerability Scoring System (CVSS) metrics and advisories that fix the issue if applicable.

To look for packages which are affected by a specific CVE:

  1. Search for a particular CVE number in the database.
  2. Validate the security information including impact classification, relevant Bugzilla link, and security errata. You can find this data from the results page.
  3. If available, you can download the package from the Affected Packages State section of the advisory page. You can also use the Package Browser tool to find specific packages.

Note: Not all CVE advisories are fixed by Red Hat errata. In some cases, a newer package may be available. Click the package to verify.

  • Open the errata page in Red Hat Subscription Management (RHSM). Filter by synopsis.

  • Refer to Red Hat Bugzilla if the CVE Database and RHSM do not give enough information about the issue. Bugs for security issues use the CVE names.

  • The yum-security package (in Red Hat Enterprise Linux 5.1 and later) provides the yum-security yum plug-in so that you can install only security-related updates. For details, refer to the Red Hat Enterprise Linux 6 Deployment Guide.

Learn more about the meaning of CVSS base metrics.

Wherever feasible, Red Hat addresses security issues by backporting. This approach and its impact on package versioning are discussed in the backporting policy in the Red Hat Customer Portal.
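
Because a backported fix keeps the upstream version number and changes only the release, checking whether an installed package includes a fix means comparing its full version-release against the build named in the erratum. The following Python is an added example, not Red Hat's code: its function names are hypothetical, it approximates rpm's ordering without the `~` and `^` modifiers, and the httpd releases are constructed, while the kernel pair is the one in the scanner report quoted in the comments below.

```python
import re

def rpmvercmp(a, b):
    """Order two version (or release) strings the way rpm does: 1 if a is
    newer, -1 if b is newer, 0 if equal. Simplified: the '~' and '^'
    modifiers of newer rpm releases are not handled."""
    # Separators such as '.' and '_' only split segments, they never compare.
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 43 > 6, unlike string order
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: whichever has segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(installed, fixed):
    """Compare epoch first, then version, then release."""
    i_epoch, i_ver, i_rel = split_evr(installed)
    f_epoch, f_ver, f_rel = split_evr(fixed)
    if i_epoch != f_epoch:
        return 1 if i_epoch > f_epoch else -1
    return rpmvercmp(i_ver, f_ver) or rpmvercmp(i_rel, f_rel)

def includes_fix(installed, fixed):
    """True when the installed build is the erratum's build or newer."""
    return evr_cmp(installed, fixed) >= 0

if __name__ == "__main__":
    # Pair from the scanner report quoted in the comments on this page.
    print(includes_fix("2.6.32-504.16.2.el6.sfdc01646992.hwbp",
                       "2.6.32-754.3.5.el6"))
    # Constructed releases: a backported fix keeps the upstream version.
    print(includes_fix("2.4.6-97.el7", "2.4.6-93.el7"))
    # Comparing upstream version numbers alone ignores the release field.
    print(rpmvercmp("2.4.6", "2.4.43"))
```

On a live system, the installed value comes from `rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' <package>` and the fixed value from the erratum's package list.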



Have other solution :

We have a vulnerability report for the server about the Oracle Java SE Critical Patch Update - October 2019. We have updated the server with the latest available patch but it is still reporting in vulnerability. Please suggest to fix the same.

Hello, I am having issues updating nss-softokn in regards to RHSA-2019-4152. When using yum command to update nss-softokn I receive an error stating patch requires nss-softokn-utils-3.44.0-6.el6_10.x86_64.rpm and nspr-4.21.0-1.el6.x86_64.rpm. But within RHSA-2019-4152 under Security Advisories on the Red Hat Customer Portal I do not see these available for download. Nor can I find them anywhere within Security Advisories. Please help on locating these patches, thanks.

We can't find any solution for -bash: fuser: command not found & there is no help from the Red Hat site. We need to log a case for simple things.

Is it possible to upgrade apache from 2.4.6 to 2.4.43 on RHEL 7.8? What is the maximum supported apache or httpd version for RHEL 7? Please advise.

We have a vulnerability issue in RHEL-6 servers as below. Could you please suggest how to mitigate this issue?

Vulnerability details : Tenable EMEA DRN Server: Remote package installed : kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.sfdc01646992.hwbp Should be : kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6 NOTE: The vulnerability information above was derived by checking the package versions of the affected packages from this advisory. This scan is unable to rely on Red Hat's own security checks, which consider channels and products in their vulnerability determinations.