How to Check CVE Vulnerability in Linux

Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed computer vulnerabilities and exposures. Each vulnerability has an ID, details and a public link for reference. As a system administrator, it is important to check whether your systems are vulnerable to these CVEs. In this article, we will learn how to check for CVE vulnerabilities in Linux.


How to Check CVE Vulnerability in Linux

There are primarily two ways to check for CVE vulnerabilities in Linux.


1. Using CVE Number

If you know the CVE number of a vulnerability, you can find out whether it has been fixed on your system by searching the changelog of the affected package. Here is the syntax of the command.

# rpm -q --changelog [package-name] | grep [CVE-NUMBER]

Here is an example to check if CVE-2021-3450 is fixed on your system.

# rpm -q --changelog openssl | grep CVE-2021-3450

- CVE-2021-3450 openssl: CA certificate check

If the CVE number does not appear in the command’s output, the vulnerability has not been fixed on your system. In that case, update the relevant package, such as openssl.

# yum update openssl

After the update, you can check the changelog for all CVE patches applied.

# rpm -q --changelog openssl | grep CVE

Similarly, if you want to check all the CVE patches applied in 2021, run the following command.

# rpm -q --changelog openssl | grep CVE-2021

- CVE-2021-3450 openssl: CA certificate check
- Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing
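
The changelog check above, extended to several CVE IDs in one pass, as an added example that is not part of the original article. The helper name cve_report and the sample changelog header are assumptions constructed for illustration; the two changelog entries are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original article): check several CVE IDs
# against one package changelog in a single pass.

# Constructed sample input, shaped like `rpm -q --changelog openssl` output.
SAMPLE_CHANGELOG='* Thu Mar 25 2021 Example Packager <packager@example.com> - 0.0.0-1
- CVE-2021-3450 openssl: CA certificate check
- Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing'

# cve_report ID...   (changelog text on stdin; hypothetical helper name)
# Prints "<ID> <status>" for each ID. Returns 1 unless every ID is "fixed".
cve_report() {
    cr_log=$(cat)
    cr_rc=0
    for cr_id in "$@"; do
        # Reject malformed IDs so a typo is not reported as "not fixed".
        if ! printf '%s\n' "$cr_id" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            echo "$cr_id invalid-id"
            cr_rc=1
        # -F: literal string; -w: whole word, so an ID never matches as the
        # prefix of a longer ID in the changelog.
        elif printf '%s\n' "$cr_log" | grep -qwF -- "$cr_id"; then
            echo "$cr_id fixed"
        else
            echo "$cr_id not-in-changelog"
            cr_rc=1
        fi
    done
    return "$cr_rc"
}

# Offline demo on the constructed sample; on an RPM-based host use instead:
#   rpm -q --changelog openssl | cve_report CVE-2021-3450 CVE-2021-3449
printf '%s\n' "$SAMPLE_CHANGELOG" | cve_report CVE-2021-3450 CVE-2021-3445 || true
```

The status is reported as not-in-changelog because the changelog only records what the packager wrote; the non-zero return code makes the function usable as a gate in a patch-compliance script.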


2. Using the yum Command

You can also use the yum command to check if there are any CVEs on your system. You will need the yum-plugin-security plugin for this purpose. It is already present on RHEL 7 & 8. On RHEL 6, you can install it with the following command.

# yum install yum-plugin-security

Once it is installed, you can check if a CVE has been fixed, using its CVE number. Here is an example to check if CVE-2021-3445 has been fixed.

# yum updateinfo info --cve CVE-2021-3445

If you don’t see any output, it means the CVE patch has already been applied. If it shows any output, it means the CVE exists. In such cases, just update yum with the following command.

# yum update yum

You can get a list of all CVEs from Red Hat’s CVE database page.

In this article, we have learnt how to quickly find out if your system has any CVE vulnerability in it, and steps to be taken in case of any vulnerability.