Monday, May 4, 2015

Debian/Ubuntu Linux: Find If Installed Package Includes a Fix/Patch Via CVE Number

           ,      No comments   
 I am a Debian Linux serer user. How do I view the changelog of an installed package and find out if given CVE includes a fix or patch? How do I see a fix or patch already applied to installed package on a Ubuntu or Debian LTS server?

The changelog of an installed package is usaully stored as follows on a Debian or Ubuntu or Mint Linux:



  1. Directory: /usr/share/doc/$PackageNameHere/
  2. Changelog file name: changelog.Debian.gz
You can use the less or zgrep command to view/usr/share/doc/<PackageNameHere>/changelog.Debian.gz file.

Syntax

You need to replace <PackageNameHere> with the actual package name:
less /usr/share/doc/<PackageNameHere>/changelog.Debian.gz
zgrep 'cve-number-here' /usr/share/doc/<PackageNameHere>/changelog.Debian.gz

Examples: Find lighttpd package change log

In this example view info about a package called lighttpd, enter:
 
less /usr/share/doc/lighttpd/changelog.Debian.gz
 
Sample outputs:
Fig.01: Debian / Ubuntu Linux See The Changelog Of an Installed Package
Fig.01: Debian / Ubuntu Linux See The Changelog Of an Installed Package

Example: See if lighttpd package includes a fix/patch for cve # cve-2013-4559

To find out if installed package called lighttpd includes a fix or patch, enter:
$ zgrep -i cve-2013-4559 /usr/share/doc/lighttpd/changelog.Debian.gz
  * Fix cve-2013-4559: setuid privilege escalation issue.
To display all cve, enter:
$ zgrep -i cve /usr/share/doc/lighttpd/changelog.Debian.gz
  * Fix regression caused by the fix for cve-2013-4508 (closes: #729480).
  * Fix cve-2013-4508: ssl cipher suites issue.
  * Fix cve-2013-4559: setuid privilege escalation issue.
  * Fix cve-2013-4560: use-after-free in fam.
  * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp

0 comments:

Post a Comment