CVE advisories and CENTOS

UNIX for Beginners Q & A
1

Hi guys,

At work we run an application that runs off of CENTOS 7.3
A client asked us if a list of CVE advisories applied to it.
Online I searched for an online CVE repository for Centos but could not find one: It uses a mailing list.
I found the RED HAT CVE Database. I could check if each CVE applied to my os. THE CVE's listed the packages affected.
Will I not find all applicable packages affected on CENTOSi 7.3 from the list of CVE's client provided to me if I just use the RED HAT CVE Database repository?

2

Hi Mojoman,

You should be able to run the comparison against the Red Hat CVE database, but not sure how much time Red Hat will spend keeping it relevant to CentOS. I'd suggest that you would be able to get a more meaningful communication going with one of the CentOS groups, you may want to look at a specific CentOS CVE Scanner then see what is required.

Regards

Gull04

1 Like