
Chapter 8. Common Vulnerabilities and Exposures (CVEs)

The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.
MITRE Corporation assigns a CVE identifier to every vulnerability or exposure. The CVE is used to track the vulnerability through different pieces of software, as a single CVE can affect multiple software packages and multiple vendors.

8.1. YUM Plugin

The yum-plugin-security package lets the administrator list only security updates, leaving out bugfix and enhancement updates. It can also report which Fedora advisory, which bug in Red Hat's Bugzilla database, or which CVE number a package update addresses.

Important

This feature currently works only with the Fedora, Red Hat, and EPEL repositories. Other repositories may or may not provide the flags on their packages that this filtering needs. When using third-party repositories, it is important to still check for updates, because using this plugin may allow some security updates to be missed.
Enabling these features is as simple as running the yum install yum-plugin-security command.
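
The following added example (not part of the original documentation) shows one way to act on the Important note above: compare the full pending-update listing with the security-only listing and report repositories that have updates but none flagged as security. It assumes the three-column "name.arch version repo" output of yum check-update; the function name, file names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Inputs are saved listings in the three-column
# "name.arch  version  repo" layout of `yum -q check-update`:
#   yum -q check-update            > all.txt   (exit status 100 = updates exist)
#   yum -q --security check-update > sec.txt

# unflagged_repos ALL SEC: print "repo count" for every repo that has pending
# updates in ALL but not a single row in SEC. Such a repo either has no
# security fixes pending or ships no security metadata; review it by hand.
unflagged_repos() {
    awk '
        /^Obsoleting Packages/ { skip[FILENAME] = 1 }   # ignore obsoletes section
        skip[FILENAME]         { next }
        NF == 3 && $1 ~ /\./ {                          # package rows only
            if (FILENAME == ARGV[1]) all[$3]++
            else                     sec[$3]++
        }
        END { for (r in all) if (!(r in sec)) print r, all[r] }
    ' "$1" "$2" | sort
}

# Constructed sample listings (package names, versions and the "thirdparty"
# repo id are made up for illustration).
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

cat > "$work/all.txt" <<'EOF'

libfoo.x86_64            1.2.3-4.fc19       updates
bar-tools.noarch         0.9-2.fc19         updates
vendor-agent.x86_64      2.4.1-1            thirdparty
vendor-libs.x86_64       2.4.1-1            thirdparty
EOF

cat > "$work/sec.txt" <<'EOF'

libfoo.x86_64            1.2.3-4.fc19       updates
EOF

unflagged_repos "$work/all.txt" "$work/sec.txt"
```

A repository named in the output is a candidate for manual review, not proof of missing metadata: it may simply have no security fixes pending.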