Find the answer to your Linux question:
Results 1 to 3 of 3
I believe Microsoft offers a database of sorts (in XML format - mssecure.xml) which provides all the patch related information (product name, patch name, patch download URL, info on what ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2004
    Posts
    2

    Linux vulnerability patches


    I believe Microsoft offers a database of sorts (in XML format - mssecure.xml) which provides all the patch related information (product name, patch name, patch download URL, info on what the vulnerability is all about) for Microsoft products; which is used by some of the Patch Management tools (Shavlik's HFNetChkPro?).

    Now, I would want to know if something is like this is available for Linux distributions and other Linux related packages. I understand that there are sites like CVE, ICAT etc. which offer vulnerability information (collection). Had a look at them but they seem to be listing details for all types vulnerabilities (including system problems) for all types of products. Firstly I need to parse, the CVE database to locate the Linux related vulnerabilities. And then, I dont find the "patch download" URLs for most vulnerabilities.. there are some URLs but they dont lead to the "patches" as such.

    My requirements are something like this :

    1. Is something as comprehensive as mssecure.xml available for Linux distributions (RedHat, Debian etc.) and related packages ? 2. For Linux patching, what information do the PM tools use to identify vulnerabilities .. CVE database ? (or something similar ?) 3. Are the patches downloaded from respective sites of different Linux distributions or some central repository ? Would like to know if some specific sites are used and if so what are they ?

    Jason

  2. #2
    Linux User
    Join Date
    Jan 2003
    Location
    Cardiff, Wales
    Posts
    478

    fedora

    I use the up2date tool in fedora, patches well new patched versions of stuff are released and I install them.. there's always an advisory notice regarding whats changed.
    No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.

  3. #3
    Linux User
    Join Date
    Jan 2004
    Posts
    357
    Your distributions web page should have something on it. I'm not really familiar with the others, but RedHat has this page -
    https://www.redhat.com/apps/support/errata/
    You can probably find something for Debian, Mandrake, Gentoo etc...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •