Beruflich Dokumente
Kultur Dokumente
Here is a little known secret that allows you to view the change log of a package. Using
--changelog option you can find out if particular security bug is fixed or not. This is extremely
useful option for production boxes.
For example CVE-2007-1864 documents that php has serious buffer overflow in the bundled
libxmlrpc library in PHP before v4.4.7, and 5.x before 5.2.2. It has unknown impact and
remote attack vectors. Now how do you know if this bug is fixed or not in your installed php
version? Simply type the following command:
rpm -q --changelog php
This option allows you to view change log w/o visiting vendors / distributions website. The
--changelog option only works with rpm based package and distro such as RHEL / CentOS /
Fedora / Suse etc. RPM is a very powerful utility and I hope this small tip will save lot of
time. For more information read rpm command man page.