Linux: Determining whether or not a package has been patched for a bug or CVE

This document (7002558) is provided subject to the disclaimer at the end of this document.

Environment

Novell Open Enterprise Server (Linux based, all variants)
Novell openSUSE (all variants)
SUSE Linux Enterprise (all variants)

Situation

How to check whether or not a certain package has been patched for a bug or security vulnerability.

Resolution

Manual check:

To check whether or not a currently installed package has been patched for a bug or security vulnerability, zypper can be used to query packages using the --bug and --cve flags (this is the preferred method).

The "rpm" command with flags "-q --changelog" will also show the patches including security patches.

For example, "rpm -q --changelog kernel-smp" will show output similar to:

    * Mon Jan 07 2008 - example@suse.de
    -- patches.fixes/hrtimers-avoid-overflow-for-large-relative-timeouts:
       hrtimers: avoid overflow for large relative timeouts (347262,112296-
       CVE-2007-5966).

The output shows the change information, including the Novell Bugzilla number, the CVE number and the Linux Kernel bug number.

Using zypper:

Note: To use zypper, the system needs to be connected to a valid update server such as Subscription Management Tool or SUSE Manager.

SLE11SP1 based systems: Here two steps are required to resolve the request:
  1. zypper lp -a --cve=CVE#
  2. zypper patch-info <patch-name>

e.g.

  1. zypper lp -a --cve=CVE-2010-2074

    which will return:

    sles11sp1:~ # zypper lp -a --cve=CVE-2010-2074
    Loading repository data...
    Reading installed packages...

    Issue | No.           | Patch            | Category
    ------+---------------+------------------+---------
    cve   | CVE-2010-2074 | slessp1-w3m-2563 | security


  2. In a second step, check the output of zypper patch-info slessp1-w3m-2563 to see whether the patch was already applied.

As of SLES11SP2: Just run zypper lp -a --cve=CVE-2010-2074:

    sles11sp2:~ # zypper lp -a --cve=CVE-2010-2074
    Refreshing service 'spacewalk'.
    Loading repository data...
    Reading installed packages...

    Issue | No.           | Patch                 | Category | Status
    ------+---------------+-----------------------+----------+-----------
    cve   | CVE-2010-2074 | slessp1-w3m-2563-2563 | security | not needed
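
Both checks above can be scripted for use in an audit job. The following is an added example, not part of the original SUSE document: two bash functions (the names zypper_cve_status and changelog_has_cve are hypothetical) that parse the table and changelog layouts shown on this page, with the sample text copied from the page so it runs without a repository connection.

```shell
#!/bin/bash
# Added example (not from the SUSE document). Function names are hypothetical.

# zypper_cve_status CVE-ID   (reads `zypper lp -a --cve=CVE-ID` output on stdin)
# Prints "<patch> <status>" for each row matching the CVE.
# Status is "unknown" when the table has no Status column (SLE11SP1 layout);
# in that case `zypper patch-info <patch>` is still required as the second step.
# Returns 1 if no row matches the CVE.
zypper_cve_status() {
    awk -F'|' -v cve="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 4 && trim($1) == "cve" && trim($2) == cve {
            status = (NF >= 5) ? trim($5) : "unknown"
            print trim($3), status
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# changelog_has_cve CVE-ID   (reads `rpm -q --changelog <pkg>` output on stdin)
# -w keeps CVE-2007-596 from matching CVE-2007-5966; -F disables regex parsing.
changelog_has_cve() { grep -qwF -- "$1"; }

# Sample input: the outputs shown on this page.
SP1_OUT='Issue | No.           | Patch            | Category
------+---------------+------------------+---------
cve   | CVE-2010-2074 | slessp1-w3m-2563 | security'
SP2_OUT='Issue | No.           | Patch                 | Category | Status
------+---------------+-----------------------+----------+-----------
cve   | CVE-2010-2074 | slessp1-w3m-2563-2563 | security | not needed'
CHANGELOG='* Mon Jan 07 2008 - example@suse.de
-- patches.fixes/hrtimers-avoid-overflow-for-large-relative-timeouts:
   hrtimers: avoid overflow for large relative timeouts (347262,112296-
   CVE-2007-5966).'

printf '%s\n' "$SP2_OUT" | zypper_cve_status CVE-2010-2074  # slessp1-w3m-2563-2563 not needed
printf '%s\n' "$SP1_OUT" | zypper_cve_status CVE-2010-2074  # slessp1-w3m-2563 unknown
printf '%s\n' "$CHANGELOG" | changelog_has_cve CVE-2007-5966 && echo "changelog lists the fix"
```

On a live system, pipe the real command output into the functions instead, for example `zypper lp -a --cve=CVE-2010-2074 | zypper_cve_status CVE-2010-2074`.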

Additional Information

If you are looking for a particular CVE, please check out the Published Novell/SUSE Linux security updates by CVE number database. The database contains links to the patch and versions that apply.

You can also view all current SUSE Linux Security Advisories.

Many of the bugs have a three-letter header in front of the numbers. The following details what the numbers mean, for example in a reference such as (347262,112296-CVE-2007-5966):
  • CVE-: Common Vulnerability and Exposure Number at mitre.org
  • BNC# or number with no letters: Novell Bugzilla Number at Novell Bugzilla (requires username/password)
  • LTC#: IBM Linux Technology Center Bug Number

SUSE Manager

One feature of SUSE Manager is the ability to run a CVE Audit across registered systems to identify those that are lacking security updates. See the SUSE Manager CVE Audit chapter for further details.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7002558
  • Creation Date:05-FEB-09
  • Modified Date:28-MAY-14
    • SUSE
      SUSE Linux Enterprise Desktop
      SUSE Linux Enterprise Point of Service
      SUSE Linux Enterprise Real Time Extension
      SUSE Linux Enterprise Server