Archive for category redhat

How to determine if your Red Hat Enterprise Linux 7 system is vulnerable to a specific CVE

Let’s say we are looking to determine if our system is vulnerable to Heartbleed or LogJam.

# ls /usr/lib64/*
/usr/lib64/ /usr/lib64/
# yum info openssl
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 42.el7_1.9
Size : 1.5 M
Repo : installed
From repo : rhel-7-server-rpms
Summary : Utilities from the general purpose cryptography library with TLS implementation
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
 : machines. OpenSSL includes a certificate management tool and shared
 : libraries which provide various cryptographic algorithms and
 : protocols.

Note “Version” is 1.0.1e. But that denotes what version Red Hat based the relesae. Since that release, Red Hat has backported many future bugfixes, security fixes, etc, exposed by the “Release” value 42.el7_1.9.

Using Heartbleed (CVE-2014-0160) as the example (
“Red Hat Enterprise Linux 7 include OpenSSL version openssl-1.0.1e-34.el7 which includes a fix backported from openssl-1.0.1g”

Each specific CVE can be check directly on Red Hat’s site,

You can also check directly on the command line. For example, checking for Heartbleed you would use:

# yum updateinfo list installed --cve CVE-2014-0160

This will show any RPM packages installed that apply to Heartbleed. But note — nothing will return on a RHEL7 system, because the original RPM released with RHEL7 was not vulnerable, so no additiona package needed to be installed to fix it.

Logjam, though, is a little more interesting.

# yum updateinfo list installed --cve CVE-2015-4000
RHSA-2015:1229 Critical/Sec. java-1.7.0-openjdk-1:
RHSA-2015:1229 Critical/Sec. java-1.7.0-openjdk-1:
RHSA-2015:1229 Critical/Sec. java-1.7.0-openjdk-headless-1:
RHSA-2015:1185 Moderate/Sec. nss-3.19.1-3.el6_6.x86_64
RHSA-2015:1185 Moderate/Sec. nss-3.19.1-3.el7_1.x86_64
RHSA-2015:1185 Moderate/Sec. nss-sysinit-3.19.1-3.el6_6.x86_64
RHSA-2015:1185 Moderate/Sec. nss-sysinit-3.19.1-3.el7_1.x86_64
RHSA-2015:1185 Moderate/Sec. nss-tools-3.19.1-3.el6_6.x86_64
RHSA-2015:1185 Moderate/Sec. nss-tools-3.19.1-3.el7_1.x86_64
RHSA-2015:1185 Moderate/Sec. nss-util-3.19.1-1.el6_6.x86_64
RHSA-2015:1185 Moderate/Sec. nss-util-3.19.1-1.el7_1.x86_64
RHSA-2015:1072 Moderate/Sec. openssl-1.0.1e-30.el6_6.9.x86_64
RHSA-2015:1072 Moderate/Sec. openssl-1:1.0.1e-42.el7_1.6.x86_64
RHSA-2015:1072 Moderate/Sec. openssl-libs-1:1.0.1e-42.el7_1.6.x86_64

Each of those RHSA’s addressed Logjam. You can get a lot more information by using:

# yum updateinfo info installed --cve CVE-2015-4000

Note the use of “installed” in these commands. This shows information only about packages that are already installed. If you remove “installed”, you will see information only about packages that /could/ be installed.

Leave a comment

What a year!!

Two years at Red Hat have flown by at such a rapid pace; I’m even a couple months late in blogging about it! To top off another year full of great projects, awesome technology, and incredible people, I’ve had a couple exciting things happen that I wanted to share.

Last month I was chosen to be a “Red Hat Chairman’s Award” recipient, and last week (photo below) I was awarded “North American Account Solutions Architect” of the Year!


I am truly humbled by both of these awards, and was speechless when I heard my name called (those who know me well understand how rare that is). I am looking forward to see what this next year will bring!

Leave a comment

Yum Command Cheat Sheet for Red Hat Enterprise Linux

Great reference to keep at the desk!

Leave a comment