To keep CentOS servers always up to date, security patches provided by CentOS must be applied on a regular basis.
CentOS has its own security advisory system : CESA
They are published as the same time as the Redhat’s ones (RHSA) on their respective mailing-lists.
The naming convention of CESA is quite similar to RHSA. For instance, CESA-2016:1940 and RHSA-2016:1940 address the same security vulnerability.
CentOS’format : CESA-YYYY:xxxx
Red Hat’s format : RHSA-YYYY-xxxx
xxxx refers to the same number.
The last ones can be found on LWN.net as well :