If it is fixed in RHEL 7 then it is also fixed in CentOS 7. Provided you are up to date that is. If you run
yum update and there are no packages to be updated then you are up to date (assuming that you do not run your own CentOS mirror and then it depends on that being up to date too).
In most cases you can run
rpm -q --changelog $package | less and see the rpm changelog which usually lists the CVE numbers as fixed though not always. You can also consult the Red Hat CVE pages like or example
https://access.redhat.com/security/cve/CVE-YYYY-nnnnn and read about them there adn the packages tab lists the package version in which this was fixed. CentOS moslty uses the same package versions as RHEL does unless the package contains ".centos." in which case special rules apply but the numbers are still similar enough to be able to work out if you have the right one or not.
Please note that 'yum security' does not work on CentOS as the yum repos do not contain the security metadata necessary to allow that to function. Do not attempt to run e.g. yum update --security as it will always tell you there is nothing to do.
,
