
Package Vulnerabilities Cheat Sheet

Scanners

Linux Distribution Tools

| Distribution | Scanner | Rating | Description |
|---|---|---|---|
| Debian | debsecan | superb | Easy to use. Maintained by the Debian testing team. Lists packages, CVE numbers and details. |
| Ubuntu | debsecan | useless | They just packaged the Debian scanner without providing a database for it! Since 2008 there has been a bug about it being 100% useless. |
| CentOS, Fedora, Red Hat | "yum list-security" | good | Provides package name and CVE number. Note: On older systems there is only "yum list updates". |
| openSUSE | "zypper list-patches" | ok | Provides package names with security-relevant updates. You need to filter the list yourself or use the "--cve" switch to limit it to CVEs only. |
| SLES | "rug lu" | ok | Provides package names with security-relevant updates. As with zypper, you need to do the filtering yourself. |
| Gentoo | glsa-check | bad | There is a dedicated scanner, but no documentation. |
| FreeBSD | portaudit | superb | Not Linux, but still a nice solution. Lists vulnerable ports and vulnerability details. |

Patch Orchestration
