AIX Open Source


Vulnerability Management for rpm packages

  • 1.  Vulnerability Management for rpm packages

    Posted Thu July 18, 2024 10:30 AM

    Hello,

    We would like to know the vulnerability exposure level for the different rpm packages installed on our AIX servers and downloaded from the AIX Toolbox for Open Source Software.

    So we are looking for an inventory of rpm packages with the security CVEs fixed in each version. Something similar to the FLRT Security APAR Information for the AIX operating system.

    Is there something similar available in the FLRT tool or on the AIX Toolbox website?

    Thanks and regards
    Jose



    ------------------------------
    Antonio Gallego
    ------------------------------


  • 2.  RE: Vulnerability Management for rpm packages

    Posted Tue August 06, 2024 11:30 AM

    Hi,

    As of today, we don't maintain an rpm package inventory with CVE tracking information.
    We do monitor CVEs and keep updating the packages to the latest version that has the CVE fix.
    Sometimes CVE-related queries are also posted in this forum, and we take care of them.
    If we update any packages as part of a CVE fix, we try to put the info into the spec file that is used to generate the rpm.
    https://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/SPECS/ 

    Thanks
    Ranjit



    ------------------------------
    Ranjit Ranjan
    ------------------------------
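Since the reply above says CVE fix information is recorded in the spec files, a per-package CVE inventory can be derived from them. The following is an added example, not code from this thread or from the AIX Toolbox project; it assumes the CVE ids are written in the spec's `%changelog` in the conventional RPM layout, and the sample spec, versions and CVE ids are constructed.

```python
import re

# Constructed sample spec (newest entry first); names, versions and CVE ids are made up.
SAMPLE_SPEC = """\
Name: examplepkg
%changelog
* Tue Jun 04 2024 Example Maintainer <maint@example.com> - 1.2.4-1
- Update to 1.2.4, fixes CVE-2099-0002 and CVE-2099-0003

* Mon Jan 15 2024 Example Maintainer <maint@example.com> - 1.2.3-2
- Rebuild; CVE-2099-0001 fix from 1.2.3-1 retained

* Fri Nov 10 2023 Example Maintainer <maint@example.com> - 1.2.3-1
- Update to 1.2.3 to fix CVE-2099-0001
"""

HEADER = re.compile(r"^\*\s+(\w{3} \w{3}\s+\d{1,2} \d{4})\s+(.*)$")
VER_REL = re.compile(r"(\d[\w.~+]*-\w[\w.]*)\s*$")  # trailing "version-release"
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

def changelog_entries(spec_text):
    """Yield (date, version_release or None, body) for each %changelog entry."""
    in_log, entry = False, None
    for line in spec_text.splitlines():
        if line.strip() == "%changelog":
            in_log = True
        elif in_log:
            header = HEADER.match(line)
            if header:
                if entry:
                    yield tuple(entry)
                ver = VER_REL.search(header.group(2))
                entry = [header.group(1), ver.group(1) if ver else None, ""]
            elif entry:
                entry[2] += line + "\n"
    if entry:
        yield tuple(entry)

def cve_inventory(spec_text):
    """Map each CVE id to (version-release, date) of the oldest entry naming it."""
    inventory = {}
    for date, ver_rel, body in changelog_entries(spec_text):
        for cve in CVE_ID.findall(body):
            # Entries run newest to oldest, so the last write is the oldest mention.
            inventory[cve.upper()] = (ver_rel, date)
    return inventory

if __name__ == "__main__":
    print(cve_inventory(SAMPLE_SPEC))
```

For an installed package, `rpm -q --changelog <name>` prints the same entries; prepend a `%changelog` line before passing that output to `cve_inventory`.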