Getting more details about Red Hat Security Advisories and related CVEs

Two links giving an in-depth explanation of Red Hat's process for backporting security fixes, and of the compatibility between Red Hat security advisories and MITRE CVEs.

Backporting Security Fixes

Red Hat and CVE compatibility

Red Hat provides free access to two databases: one for errata and one for the CVEs referenced in Red Hat products:

Red Hat Product Errata database

Red Hat CVE Database


How to list the CVEs fixed in a given rpm?

A quick tip to retrieve the CVEs fixed in a given version of an rpm:


[fool@localhost:~]$ rpm -q --changelog openssl-libs-1.0.1e-51.el7_2.4.x86_64 | grep CVE-2014-3567
- fix CVE-2014-3567 - memory leak when handling session tickets

[fool@localhost:~]$ rpm -q --changelog openssl-libs-1.0.1e-51.el7_2.4.x86_64 | grep CVE-2014-8176
- fix CVE-2014-8176 - invalid free in DTLS buffering code

[fool@localhost:~]$ rpm -q --changelog openssl-libs-1.0.1e-51.el7_2.4.x86_64 | grep CVE-2015-0292
- fix CVE-2015-0292 - integer underflow in base64 decoder

Using the sed utility, all the fixed CVEs can be retrieved.
For the php rpm package:

[fool@localhost:~]$ rpm -q --changelog php |grep 'CVE-201[0-6]-[0-9]\{4\}' |sed -e '1s/^.*\(CVE-201[0-6]-[0-9]\{4\}\)/\1/' -e 's/^-.*\(CVE-201[0-6]-[0-9]\{4\}\)/\1/' -e 's/^\s*.*\(CVE-201[0-6]-[0-9]\{4\}\)/\1/' -e 's/, #[0-9]\{7\}//' |sed -e 's/)//g'

For the openssl rpm package:

[fool@localhost:~]$ rpm -q --changelog openssl |grep 'CVE-201[0-6]-[0-9]\{4\}' |sed -e '1s/^.*\(CVE-201[0-6]-[0-9]\{4\}\)/\1/' -e 's/^-.*\(CVE-201[0-6]-[0-9]\{4\}\)/\1/' -e 's/^\s*.*\(CVE-201[0-6]-[0-9]\{4\}\)/\1/' -e 's/, #[0-9]\{7\}//' |sed -e 's/)//g' |sed -e 's/(#.*$//g' -e 's/(.*//g' -e 's/\s.*$//g'
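The sed pipelines above only match ids of the form CVE-201[0-6]-NNNN, so they miss CVEs from other years and the five-or-more-digit sequence numbers allowed since 2014. The following shell helper is an added example (not code from the original post) that extracts every CVE id from changelog text and checks whether a given id is present; the changelog it reads is a constructed sample, and in practice you would pipe `rpm -q --changelog <package>` into `extract_cves`.

```shell
#!/bin/sh
# Added example: list the CVE ids mentioned in an rpm changelog and test whether
# a given CVE is covered. Feed real data with: rpm -q --changelog <package> | extract_cves

# Constructed sample of "rpm -q --changelog" output (not real package data);
# it mixes the line styles seen in Red Hat changelogs.
SAMPLE_CHANGELOG='* Tue Mar 01 2016 Example Maintainer <maint@example.com> - 1.0.1e-51.4
- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2015-0292 - integer underflow in base64 decoder
* Mon Jun 15 2015 Example Maintainer <maint@example.com> - 1.0.1e-42.1
- fix CVE-2014-8176 - invalid free in DTLS buffering code
  (CVE-2015-1789, #1234567)
- Resolves: #7654321 (CVE-2015-1790 CVE-2015-1791)
- rebase to latest upstream, no security content
'

# Print every distinct CVE id found on stdin, one per line, sorted.
# Any year and a sequence number of four or more digits are accepted,
# unlike the fixed CVE-201[0-6]-[0-9]{4} pattern used in the post.
extract_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Exit status 0 if the CVE id given as $1 appears in the changelog on stdin.
# A missing id only means the changelog does not mention it: the fix may be
# absent, or it may be tracked under another id in the Red Hat CVE database.
cve_fixed() {
    extract_cves | grep -qx "$1"
}

# Number of distinct CVE ids in the changelog on stdin.
count_cves() {
    extract_cves | wc -l | tr -d ' '
}

# Demonstration on the constructed sample: list all ids, then check two of them.
printf '%s' "$SAMPLE_CHANGELOG" | extract_cves
if printf '%s' "$SAMPLE_CHANGELOG" | cve_fixed CVE-2014-8176; then
    echo "CVE-2014-8176: mentioned as fixed in this build"
fi
if ! printf '%s' "$SAMPLE_CHANGELOG" | cve_fixed CVE-2016-0800; then
    echo "CVE-2016-0800: not mentioned in this changelog"
fi
```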