Link Search Menu Expand Document

Package Vulnerabilities Cheat Sheet

Scanners

Linux Distribution Tools

Distribution

Scanner

Rating

Description

Debian

debsecan

superb

Easy to use. Maintained by the Debian testing team. Lists packages, CVE numbers and details.


\

Ubuntu

debsecan

useless

They just packaged the Debian scanner without providing a database for it! And since 2008 there is a bug about it being 100% useless.


\

CentOS Fedora Redhat

“yum list-security”

good

Provides package name and CVE number. Note: On older systems there is only “yum list updates”.


\

OpenSuSE

“zypper list-patches”

ok

Provides packages names with security relevant updates. You need to filter the list yourself or use the “–cve” switch to limit to CVEs only.


\

SLES

“rug lu”

ok

Provides packages names with security relevant updates. Similar to zypper you need to do the filtering yourself.


\

Gentoo

glsa-check

bad

There is a dedicated scanner, but no documentation.


\

FreeBSD

Portaudit

superb

No Linux? Still a nice solution… Lists vulnerable ports and vulnerability details.

Patch Orchestration