Page 1 of 1

Tracing Red Hat Security Errata to CentOS

Posted: 2019/05/21 15:18:34
by TEKFused
Hello Everyone,

How do I verify that a Red Hat backported fix (aka security errata) was applied in the version of CentOS I am running? It is difficult to trace from Red Hat to CentOS, and I'm hoping that there is a CLI command I can use to verify that the security errata was installed.

The closest idea I have is to check the rpm's change log via the CLI. Any other ideas?

Thank you in advance!

Jake

Re: Tracing Red Hat Security Errata to CentOS

Posted: 2019/05/21 15:26:24
by TrevorH
Subscribe to the centos-announce mailing list and you will get mails about each update with links in them to the upstream errata page describing the fix and its severity. Once subscribed you can edit your preferences via the web and pick which versions and architectures you want to receive mails for.

Re: Tracing Red Hat Security Errata to CentOS

Posted: 2019/05/21 18:29:10
by TEKFused
Thanks, Trevor. I will certainly do that!

Is the errata info not included in the rpm's change log? See here for example: https://www.cyberciti.biz/tips/howto-fi ... gelog.html

Re: Tracing Red Hat Security Errata to CentOS

Posted: 2019/05/21 18:32:28
by TrevorH
The CVE number is usually in the changelog but then you have to query each package to find it. And unless it's installed already then you have to track down the url for it and use rpm -qp --changelog http://.... to access it.

Re: Tracing Red Hat Security Errata to CentOS

Posted: 2019/05/21 18:45:08
by TEKFused
Thank you for the info! I think this is my last question. I was looking at the announcements mailing list archives, but I didn't see a search feature: https://lists.centos.org/pipermail/centos-announce/

I can use Google to search, but wondered if I missed the search that is on the site. Thanks again!

Re: Tracing Red Hat Security Errata to CentOS

Posted: 2019/05/21 19:17:38
by TrevorH
I don't think there is a search function in mailman so google is your best option. Of course, once you are subscribed they get delivered to your inbox and can be processed from there.

Re: Tracing Red Hat Security Errata to CentOS

Posted: 2019/05/21 19:33:05
by TEKFused
Thanks again for the info!