CentOS 7: Check if a system is vulnerable to a CVE

CVE stands for Common Vulnerabilities and Exposures. It’s a dictionary of publicly known information security vulnerabilities and exposures.

CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

To check whether a RHEL 7 or CentOS 7 system is vulnerable to a CVE, first install the following yum plugin:

# yum install yum-plugin-security

Then, check whether the vulnerability is present (here, a Linux kernel security update):

# yum updateinfo info --cve CVE-2018-3639
updateinfo info done

Note: On a non-vulnerable system, no advisory is displayed, as in the output above.
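As an added example (not part of the original article): an empty result from the command above does not tell an already-patched system apart from one whose repositories carry no advisory metadata, so the function below cross-checks the installed package's changelog before reporting. The names `cve_status`, `sample_yum_pending`, the `YUM`/`RPM` override variables and the placeholder advisory ID are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# YUM and RPM can be overridden with stub commands for offline testing.
YUM=${YUM:-yum}
RPM=${RPM:-rpm}

# Constructed stub output in the layout yum prints for a pending advisory;
# the advisory ID is a placeholder, not a real one.
sample_yum_pending() {
    printf '%s\n' '  Update ID : RHSA-0000:0001' \
                  '       CVEs : CVE-2018-3639' 'updateinfo info done'
}

# cve_status CVE-ID PACKAGE -> prints one line, returns:
#   0 PATCHED     yum silent, installed PACKAGE changelog names the CVE
#   1 VULNERABLE  yum lists a pending advisory for the CVE
#   2 UNKNOWN     yum silent and the changelog does not name the CVE
#   3 ERROR       malformed CVE ID, or yum itself failed
cve_status() {
    local cve="$1" pkg="$2" seq out ids
    case $cve in
        CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]*) seq=${cve#CVE-????-} ;;
        *) seq=x ;;
    esac
    case $seq in *[!0-9]*)
        echo "ERROR: malformed CVE ID: $cve"; return 3 ;;
    esac
    out=$("$YUM" -q updateinfo info --cve "$cve" 2>/dev/null) || {
        echo "ERROR: yum failed for $cve"; return 3
    }
    # Each advisory block carries an "Update ID : <advisory>" line.
    ids=$(printf '%s\n' "$out" | sed -n 's/^ *Update ID : *//p' | sort -u | paste -sd, -)
    if [ -n "$ids" ]; then
        echo "VULNERABLE: $cve pending in $ids"; return 1
    fi
    # Silence is ambiguous, so look for the fix in the installed package.
    # The trailing group stops CVE-2018-3639 matching CVE-2018-36390.
    if "$RPM" -q --changelog "$pkg" 2>/dev/null | grep -qE -- "$cve([^0-9]|\$)"; then
        echo "PATCHED: $cve named in installed $pkg changelog"; return 0
    fi
    echo "UNKNOWN: no advisory and no changelog entry for $cve in $pkg"; return 2
}

# Usage: sh cve_status.sh CVE-2018-3639 kernel
if [ "$#" -eq 2 ]; then cve_status "$1" "$2"; fi
```

A patched kernel package only protects the host once that kernel is booted, so compare `uname -r` with the installed package version after a PATCHED result.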

At any time, you can check a particular CVE to get more information:

https://access.redhat.com/security/cve/cve-2018-3639

All CVEs are available at the Red Hat CVE page.

You can also check for critical security updates:

# yum --security --sec-severity=Critical check-update
...
No packages needed for security; 0 packages available

Or get the advisory references:

# yum --sec-severity=Critical updateinfo list
