http://brandonhutchinson.com/mediawiki/index.php5?title=RPMs_and_CVEs&action=history Revision history for this page on the wiki en MediaWiki 1.11.0rc1 Tue, 21 May 2013 08:58:07 GMT http://brandonhutchinson.com/mediawiki/index.php5?title=RPMs_and_CVEs&diff=1449&oldid=prev <p></p> <table style="background-color: white; color:black;"> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr> <td colspan='2' style="background-color: white; color:black;">←Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 15:34, 4 September 2009</td> </tr> <tr><td colspan="2" class="diff-lineno">Line 6:</td> <td colspan="2" class="diff-lineno">Line 6:</td></tr> <tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Note that starting on 2005/10/19, the ''CAN-'' prefix is no longer used for candidate CVE entries. It should be included in the above search for any 2005 or earlier CVE's.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Note that starting on 2005/10/19, the ''CAN-'' prefix is no longer used for candidate CVE entries. It should be included in the above search for any 2005 or earlier CVE's.</div></td></tr> <tr><td colspan="2">&nbsp;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"></td></tr> <tr><td colspan="2">&nbsp;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>If the CVE's are not found in the package changelog, check the below ''Red Hat vulnerabilities by CVE name'' link for more information on how the CVE affects Red Hat products.</div></td></tr> <tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr> <tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Links ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Links ==</div></td></tr> </table> Fri, 04 Sep 2009 15:34:09 GMT Hutch http://brandonhutchinson.com/wiki/Talk:RPMs_and_CVEs http://brandonhutchinson.com/mediawiki/index.php5?title=RPMs_and_CVEs&diff=1448&oldid=prev <p><span class="autocomment">Links</span></p> <table style="background-color: white; color:black;"> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr> <td colspan='2' style="background-color: white; color:black;">←Older revision</td> <td colspan='2' style="background-color: white; color:black;">Revision as of 15:33, 4 September 2009</td> </tr> <tr><td colspan="2" class="diff-lineno">Line 12:</td> <td colspan="2" class="diff-lineno">Line 12:</td></tr> <tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [http://www.redhat.com/security/transparent/cve/ Red Hat and CVE Compatibility]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [http://www.redhat.com/security/transparent/cve/ Red Hat and CVE Compatibility]</div></td></tr> <tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [http://www.redhat.com/security/transparent/oval/ Red Hat and OVAL compatibility]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* [http://www.redhat.com/security/transparent/oval/ Red Hat and OVAL compatibility]</div></td></tr> <tr><td colspan="2">&nbsp;</td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>* [https://www.redhat.com/security/data/cve/ Red Hat vulnerabilities by CVE name]</div></td></tr> </table> Fri, 04 Sep 2009 15:33:06 GMT Hutch http://brandonhutchinson.com/wiki/Talk:RPMs_and_CVEs http://brandonhutchinson.com/mediawiki/index.php5?title=RPMs_and_CVEs&diff=437&oldid=prev <p>New page: Vulnerability Assessment (VA) tools commonly flag services on our Red Hat systems as potentially vulnerable based on the services' versions alone. Since Red Hat [http://www.redhat.com/secu...</p> <p><b>New page</b></p><div>Vulnerability Assessment (VA) tools commonly flag services on our Red Hat systems as potentially vulnerable based on the services' versions alone. Since Red Hat [http://www.redhat.com/security/updates/backporting/ backports] security fixes into its packages, the packages may already be patched to address the vulnerabilities. Note that VA tools that support the [http://www.redhat.com/security/transparent/oval/ Open Vulnerability and Assessment Language (OVAL)] can determine the status of vulnerabilities even with backported fixes.<br /> <br /> VA tools often refererence vulnerabilities by their [http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures Common Vulnerabilities and Exposures (CVE)] number. One of the easiest ways to determine if a Red Hat package is patched for a particular CVE is to examine the package's ''changelog''.<br /> <br /> $ '''rpm -q ''package'' --changelog | egrep &quot;(CAN|CVE)-&quot;'''<br /> <br /> Note that starting on 2005/10/19, the ''CAN-'' prefix is no longer used for candidate CVE entries. It should be included in the above search for any 2005 or earlier CVE's.<br /> <br /> == Links ==<br /> <br /> * [http://www.redhat.com/security/updates/backporting/ Backporting of Security Fixes]<br /> * [http://www.redhat.com/security/transparent/cve/ Red Hat and CVE Compatibility]<br /> * [http://www.redhat.com/security/transparent/oval/ Red Hat and OVAL compatibility]</div> Fri, 05 Oct 2007 19:33:10 GMT Hutch http://brandonhutchinson.com/wiki/Talk:RPMs_and_CVEs