Red Hat and CentOS Applied Fixes

Posted on Monday May 2nd, 2016

Red Hat and CentOS do not move enterprise releases to new versions of applications; instead they apply fixes to the current version and append a release number, thus:

httpd-2.2.15-47.el6.centos.3.x86_64

is Apache version 2.2.15, release 47. But how do you identify whether a specific fix has been applied? By viewing the changelog:

$ rpm -q --changelog httpd

which produces information like this:

* Tue Feb 09 2016 Johnny Hughes <johnny@centos.org> - 2.2.15-47.3
- Roll in CentOS Branding

* Fri Jan 22 2016 Jan Kaluza <jkaluza@redhat.com> - 2.2.15-47.3
- core: fix crash when handling interim response from backend (#1298866)

However, it is possible to go one step further and seek out specific CVE issues:

$ rpm -q --changelog httpd | grep CVE-2014-0231
- mod_cgid: add security fix for CVE-2014-0231
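
To see which release carried a fix rather than just the matching line, the changelog entry headers can be tracked alongside the search. The script below is an added example, not part of the original post; the function names and the header of the second sample entry (date, packager, release) are made up for illustration.

```shell
#!/bin/sh
# Added example: report which changelog entry (version-release) mentions a CVE.

# Constructed sample in `rpm -q --changelog` format. The first entry is the one
# shown above; the second header (date, packager, release) is made up.
SAMPLE_CHANGELOG='* Fri Jan 22 2016 Jan Kaluza <jkaluza@redhat.com> - 2.2.15-47.3
- core: fix crash when handling interim response from backend (#1298866)

* Wed Jul 23 2014 Example Packager <packager@example.org> - 2.2.15-30.1
- mod_cgid: add security fix for CVE-2014-0231'

# cve_fix_release CVE-ID   (changelog text on stdin)
# Prints "CVE-ID version-release" per matching entry; returns 1 if none match.
cve_fix_release() {
    case "$1" in
        CVE-[0-9][0-9][0-9][0-9]-[0-9]*) ;;
        *) echo "usage: cve_fix_release CVE-YYYY-NNNN" >&2; return 2 ;;
    esac
    awk -v cve="$1" '
        BEGIN { pat = "[^-A-Za-z0-9]" cve "[^0-9]" }
        # Entry header: "* <date> <packager> - <version-release>"
        /^\* / { rel = ($NF ~ /^[0-9]/) ? $NF : "unknown"; next }
        # Whole-id match, so CVE-2014-023 does not hit CVE-2014-0231
        (" " $0 " ") ~ pat { print cve, rel; found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# check_pkg_cves PACKAGE CVE-ID...   (needs rpm and an installed PACKAGE)
check_pkg_cves() {
    pkg=$1; shift
    log=$(rpm -q --changelog "$pkg") || return 2
    for cve in "$@"; do
        printf '%s\n' "$log" | cve_fix_release "$cve" ||
            echo "$cve not-in-changelog"
    done
}

# Demo on the constructed sample
printf '%s\n' "$SAMPLE_CHANGELOG" | cve_fix_release CVE-2014-0231
```

On an RPM-based host, `check_pkg_cves httpd CVE-2014-0231` runs the same check against the installed package. A CVE that is absent from the changelog only means the packager did not name it there.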

If you prefer yum, you can ask it directly after installing the necessary rpm:

$ yum install yum-plugin-security 
$ yum updateinfo info --cve CVE-2014-0224

Credit where credit is due:
http://www.cyberciti.biz/faq/linux-find-out-patch-can-cve-applied/
https://securityblog.redhat.com/2014/09/03/is-your-software-fixed/
http://www.petefreitag.com/item/826.cfm