CVE stands for Common Vulnerabilities and Exposure. It’s a dictionary of publicly known information security vulnerabilities and exposures.
CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.
To check whether a RHEL 7 or CentOS 7 system is vulnerable or not to a CVE, first install the following yum plugin:
# yum install yum-plugin-security
Then, check whether the vulnerability is present (here Linux kernel security update):
# yum updateinfo info --cve CVE-2018-3639 updateinfo info done
Note: In the case of a non vulnerable system, nothing is displayed.
At any time, you can check a particular CVE to get more information:
All CVEs are available at the Red Hat CVE page.
You can also check for critical security updates:
#yum --security --sec-severity=Critical check-update ... No packages needed for security; 0 packages available
Or get the advisory references:
# yum –sec-severity=Critical updateinfo list