【yum】セキュリティプラグイン

yum update で対策される脆弱性をリストアップできるらしいです。

利用法

[ec2-user@www ~]$ yum updateinfo list cves|grep openssl
 CVE-2015-3194 medium/Sec.  openssl-1:1.0.1k-13.88.amzn1.x86_64
 CVE-2015-3195 medium/Sec.  openssl-1:1.0.1k-13.88.amzn1.x86_64
 CVE-2015-3196 medium/Sec.  openssl-1:1.0.1k-13.88.amzn1.x86_64
 CVE-2016-0702 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2015-7575 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2016-0705 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2016-0800 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2016-0799 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2015-3197 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2016-0797 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2015-3194 medium/Sec.  openssl-devel-1:1.0.1k-13.88.amzn1.x86_64
 CVE-2015-3195 medium/Sec.  openssl-devel-1:1.0.1k-13.88.amzn1.x86_64
 CVE-2015-3196 medium/Sec.  openssl-devel-1:1.0.1k-13.88.amzn1.x86_64
 CVE-2016-0702 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2015-7575 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2016-0705 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2016-0800 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2016-0799 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2015-3197 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64
 CVE-2016-0797 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64

プラグインインストール

sudo yum install yum-plugin-security

参考