Results 1 to 3 of 3
I believe Microsoft offers a database of sorts (in XML format - mssecure.xml) which provides all the patch related information (product name, patch name, patch download URL, info on what ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 03-24-2004 #1
- Join Date
- Mar 2004
Linux vulnerability patches
I believe Microsoft offers a database of sorts (in XML format - mssecure.xml) which provides all the patch related information (product name, patch name, patch download URL, info on what the vulnerability is all about) for Microsoft products; which is used by some of the Patch Management tools (Shavlik's HFNetChkPro?).
Now, I would want to know if something is like this is available for Linux distributions and other Linux related packages. I understand that there are sites like CVE, ICAT etc. which offer vulnerability information (collection). Had a look at them but they seem to be listing details for all types vulnerabilities (including system problems) for all types of products. Firstly I need to parse, the CVE database to locate the Linux related vulnerabilities. And then, I dont find the "patch download" URLs for most vulnerabilities.. there are some URLs but they dont lead to the "patches" as such.
My requirements are something like this :
1. Is something as comprehensive as mssecure.xml available for Linux distributions (RedHat, Debian etc.) and related packages ? 2. For Linux patching, what information do the PM tools use to identify vulnerabilities .. CVE database ? (or something similar ?) 3. Are the patches downloaded from respective sites of different Linux distributions or some central repository ? Would like to know if some specific sites are used and if so what are they ?
- 03-24-2004 #2
- Join Date
- Jan 2003
- Cardiff, Wales
I use the up2date tool in fedora, patches well new patched versions of stuff are released and I install them.. there's always an advisory notice regarding whats changed.No trees were harmed during the creation of this message. Its made from a blend of elephant tusk and dolphin meat.
- 03-24-2004 #3
- Join Date
- Jan 2004
Your distributions web page should have something on it. I'm not really familiar with the others, but RedHat has this page -
You can probably find something for Debian, Mandrake, Gentoo etc...