Sam Varshavchik wrote:
> Jaigh Jaddo writes:
>
>> Is there a tool similar to freeBSD's portaudit? Something that will
>> report packages that have known vulnerabilities.
>
> No. For the simple reason that a known vulnerability results in an
> updated package. If you want to make sure that you're not running
> any known vulnerability, run "yum update".
There can be known vulnerabilities that are not fixed yet. I thought
that was what Jaigh was asking about, and this is the sort of info
that's in the fedora-security/audit files.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We never reflect how pleasant it is to ask for nothing.
-- Seneca
Attachment:
pgpaOI4mjz8mR.pgp
Description: PGP signature
