5

http://www.samba.org/samba/security/CVE-2010-2063.html

How can I check to see if the Redhat (CentOS) repositories have backported a fix?

Joshua Enfield
  • Related question (which I believe would answer yours): Does CentOS / RHEL have a web-based package list and search site, like http://packages.ubuntu.com ? That is a very handy site for me. – Luke has no name Jun 18 '10 at 19:01
  • Nope it doesn't! http://serverfault.com/questions/239205/official-online-rpm-package-browser-search-for-centos/239290#239290 – Coops Mar 08 '11 at 07:49

2 Answers

6

rpm -q --changelog <package name> will show the package changelog, where vulnerabilities that have been patched in a package are enumerated. Additionally, the CentOS package announcement mailing list also gives the added portions of the changelog when the package is released.

Ignacio Vazquez-Abrams
5

It's a combination of RedHat Bugzilla, RedHat Errata, and CentOS mirrors.
First, using the CVE-2010-XXXX visit https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-XXXX. When you see that the issue has been addressed, follow that link to the RedHat errata.
Grab the rpm version and head to a CentOS mirror.

For example the latest sudo vulnerability (CVE-2010-1646):

bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1646 (last comment->) rhn.redhat.com/errata/RHSA-2010-0475.html (copy sudo-1.7.2p1-7.el5_5.x86_64.rpm) mirror.cs.vt.edu/pub/CentOS/5/updates/x86_64/RPMS/ (it matches RedHat's errata)

The samba vuln hasn't been packaged for CentOS and sent upstream as far as I can tell.

flashnode
  • Link to redhat's official CVE database: https://www.redhat.com/security/data/cve/ which gives a CVE orientated view, rather than a bug orientated one. – Coops Mar 08 '11 at 07:49
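
The changelog check from the first answer (rpm -q --changelog), scripted as an added example that is not part of the original posts. The function names and the sample changelog are hypothetical and constructed for illustration; only the rpm command, the CVE ids and the sudo version string come from the page.

```shell
#!/bin/sh
# Read `rpm -q --changelog` output on stdin and report entries naming a CVE.
# Prints "<entry header> :: <matching line>" per hit.
# Exit status: 0 = mentioned, 1 = not mentioned, 2 = malformed CVE id.
cve_in_changelog() {
    cve=$1
    # Validate the id so it is only ever used as a literal string.
    printf '%s\n' "$cve" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$' || {
        echo "bad CVE id: $cve" >&2
        return 2
    }
    awk -v cve="$cve" '
        /^\* / { header = $0; next }      # "* date packager version" opens an entry
        {
            rest = toupper($0)
            # Literal match; skip longer ids that merely start with ours
            # (CVE-2010-1646 must not match CVE-2010-16460).
            while ((pos = index(rest, cve)) > 0) {
                rest = substr(rest, pos + length(cve))
                if (rest !~ /^[0-9]/) {
                    print header " :: " $0
                    found = 1
                    break
                }
            }
        }
        END { exit !found }
    '
}

# Check the package installed on this host (needs rpm; exit 3 = not installed).
check_installed() {
    rpm -q "$1" >/dev/null 2>&1 || { echo "$1 is not installed" >&2; return 3; }
    rpm -q --changelog "$1" | cve_in_changelog "$2"
}

# Constructed sample changelog (not real package data), for offline runs.
sample_changelog() {
    cat <<'EOF'
* Tue Jun 15 2010 Example Packager <packager@example.com> 1.7.2p1-7
- added patch for CVE-2010-1646
* Mon Mar 01 2010 Example Packager <packager@example.com> 1.7.2p1-6
- rebuilt against new libraries
EOF
}
```

A miss only means the installed build's changelog does not name the CVE: a fixed package may exist on the mirror without being installed yet, and some changelog entries cite only a bug number, which is where the Bugzilla and errata lookup from the second answer comes in.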