5

http://www.samba.org/samba/security/CVE-2010-2063.html

How can I check to see if the Redhat (CentOS) repositories have backported a fix?

Joshua Enfield

2 Answers

6

rpm -q --changelog <package name> will show the package changelog, where vulnerabilities that have been patched in a package are enumerated. Additionally, the CentOS package announcement mailing list also gives the added portions of the changelog when the package is released.
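The changelog check described in the answer above, as an added example that is not part of the original answer: it lists the changelog entries that mention a given CVE and returns non-zero when none do. The function names, the `check_pkg` wrapper and the sample changelog are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list the changelog entries of an RPM that mention a CVE.
# cve_entries reads `rpm -q --changelog <package>` output on stdin.

cve_entries() {
    # Loose format check on the id (CVE-YYYY-N...).
    case "$1" in
        CVE-[0-9][0-9][0-9][0-9]-[0-9]*) ;;
        *) echo "usage: cve_entries CVE-YYYY-NNNN" >&2; return 2 ;;
    esac
    awk -v id="$1" '
        # True if line contains id and the id is not followed by another
        # digit (so CVE-2010-1646 does not match CVE-2010-16460).
        function mentions(line,   p) {
            line = toupper(line)
            while ((p = index(line, id)) > 0) {
                line = substr(line, p + length(id))
                if (line !~ /^[0-9]/) return 1
            }
            return 0
        }
        /^\* / { header = $0; shown = 0; next }   # "* date packager version-release"
        header != "" && !shown && mentions($0) { print header; shown = 1; found = 1 }
        END { exit (found ? 0 : 1) }              # 1 = CVE not mentioned
    '
}

# Hypothetical wrapper for a live system: 3 = package not installed.
check_pkg() {
    rpm -q "$1" >/dev/null 2>&1 || return 3
    rpm -q --changelog "$1" | cve_entries "$2"
}

# Constructed changelog (not real package data) so the example runs offline.
sample_changelog() {
    cat <<'EOF'
* Tue Jun 15 2010 Example Packager <pkg@example.com> 1.0-3
- fix for CVE-2010-1646
* Mon Mar 01 2010 Example Packager <pkg@example.com> 1.0-2
- rebuild
* Fri Jan 08 2010 Example Packager <pkg@example.com> 1.0-1
- unrelated fix, cve-2010-16460
EOF
}

sample_changelog | cve_entries CVE-2010-1646   # prints the 1.0-3 header only
```

`rpm -q --changelog` reads the changelog of the installed package, so a miss can simply mean the fixed build is not installed yet; `rpm -qp --changelog <file>.rpm` runs the same check against a downloaded package file.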

5

It's a combination of RedHat Bugzilla, RedHat Errata, and CentOS mirrors.
First, using the CVE-2010-XXXX, visit https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-XXXX. When you see that the issue has been addressed, follow that link to the RedHat errata.
Grab the rpm version and head to a CentOS mirror.

For example the latest sudo vulnerability (CVE-2010-1646):

bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1646 (last comment ->)
rhn.redhat.com/errata/RHSA-2010-0475.html (copy sudo-1.7.2p1-7.el5_5.x86_64.rpm)
mirror.cs.vt.edu/pub/CentOS/5/updates/x86_64/RPMS/ (it matches RedHat's errata)

The samba vuln hasn't been packaged for CentOS and sent upstream as far as I can tell.

flashnode