r588 - community/trunk/en-US

sparks at fedoraproject.org sparks at fedoraproject.org
Wed Jul 7 18:06:13 UTC 2010


Author: sparks
Date: 2010-07-07 18:06:11 +0000 (Wed, 07 Jul 2010)
New Revision: 588

Added:
   community/trunk/en-US/CVE.xml
Log:
Fix for BZ 184234

Added: community/trunk/en-US/CVE.xml
===================================================================
--- community/trunk/en-US/CVE.xml	                        (rev 0)
+++ community/trunk/en-US/CVE.xml	2010-07-07 18:06:11 UTC (rev 588)
@@ -0,0 +1,81 @@
+<?xml version='1.0'?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<section id="sect-Security_Guide-CVE">
+	<title>Common Vulnerabilities and Exposures</title>
+	<para>
+	The Common Vulnerabilities and Exposures or CVE system provides a reference-method for publicly-known information-security vulnerabilities and exposures.  MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.
+	</para>
+	<para>
+	MITRE Corporation assigns a CVE identifier to every vulnerability or exposure.  The CVE is used to track the vulnerability through different pieces of software as a single CVE can affect multiple software packages and multiple vendors.
+	</para>
+        <section id="sect-Security_Guide-CVE-yum_plugin">
+        <title>YUM Plugin</title>
+		<para>
+		The yum-plugin-security package is a feature of Fedora. If installed, the yum module provided by this package can be used to limit yum to retrieve only security-related updates. It can also be used to provide information about which Red Hat advisory, bug in Red Hat’s Bugzilla database, or CVE number from MITRE’s Common Vulnerabilities and Exposures directory is addressed by a package update.
+		</para>
+		<para>
+		Enabling these features is as simple as running ‘<command>yum install yum-plugin-security</command>’.
+		</para>
+	</section>
+	<section id="sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security">
+	<title>Using yum-plugin-security</title>
+	<para>
+	The first new subcommand this adds is ‘yum list-sec’. This is similar to ‘yum check-update’, except that it also lists Red Hat’s advisory ID number and the classification of each update as “enhancement”, “bugfix”, or “security”:
+
+RHSA-2007:1128-6 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386
+RHSA-2007:1078-3 security cairo - 1.2.4-3.el5_1.i386
+RHSA-2007:1021-3 security cups - 1:1.2.4-11.14.el5_1.3.i386
+RHSA-2007:1021-3 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386
+	</para>
+	<para>
+If ‘yum list-sec cves’ is used, the Red Hat advisory ID is replaced with the CVE IDs addressed by the update; if ‘yum list-sec bzs’ is used, the advisory ID is replaced by the Red Hat Bugzilla IDs which are addressed by the update. If a package addresses multiple bugs in Bugzilla or CVE IDs, the package may be listed multiple times:
+
+Example output of ‘yum list-sec bzs’:
+
+410031 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386
+387431 security cairo - 1.2.4-3.el5_1.i386
+345101 security cups - 1:1.2.4-11.14.el5_1.3.i386
+345111 security cups - 1:1.2.4-11.14.el5_1.3.i386
+345121 security cups - 1:1.2.4-11.14.el5_1.3.i386
+345101 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386
+345111 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386
+345121 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386
+
+Example output of ‘yum list-sec cves’:
+
+CVE-2007-5964 security autofs - 1:5.0.1-0.rc2.55.el5.1.i386
+CVE-2007-5503 security cairo - 1.2.4-3.el5_1.i386
+CVE-2007-5393 security cups - 1:1.2.4-11.14.el5_1.3.i386
+CVE-2007-5392 security cups - 1:1.2.4-11.14.el5_1.3.i386
+CVE-2007-4352 security cups - 1:1.2.4-11.14.el5_1.3.i386
+CVE-2007-5393 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386
+CVE-2007-5392 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386
+CVE-2007-4352 security cups-libs - 1:1.2.4-11.14.el5_1.3.i386
+	</para>
+	<para>
+The second new subcommand added by the yum-security package is ‘info-sec’. This subcommand takes an advisory number, CVE, or Bugzilla ID as an argument, and returns detailed information on the advisory, including a brief text discussion of the nature of the issue or issues being addressed by the advisory.
+	</para>
+	<para>
+In addition to these two new yum subcommands, new options are provided to the ‘yum update’ command to help apply only security-related updates, or only updates associated with a particular advisory or bug.
+	</para>
+	<para>
+To apply all security-related updates only:
+
+yum update --security
+
+To apply all updates related to bugzilla bug 410101:
+
+yum update --bz 410101
+
+To apply all updates related to the CVE ID CVE-2007-5707 and updates related to the Red Hat advisory ID RHSA-2007:1082-5:
+
+yum update --cve CVE-2007-5707 --advisory RHSA-2007:1082-5
+
+More information about these new capabilites is documented in the yum-security(8) man page.
+
+For more information on Red Hat security updates, please visit the security updates page on redhat.com. For more information on CVE, please visit the CVE info page.
+	</para>
+</section>
+</section>
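Review bot: The sample listings for 'yum list-sec', 'yum list-sec bzs' and 'yum list-sec cves' and the three 'yum update' command lines in the "Using yum-plugin-security" section sit as bare text inside <para>, so DocBook will collapse the line breaks and render each listing as one run-on paragraph. Move each listing into its own <screen> element and wrap the inline command names in <command>, as is already done for 'yum install yum-plugin-security'. The id sect-Security_Guide-CVE-yum_plugin-using_yum_plugin_security implies a child of the YUM Plugin section, but that section is closed before this one opens, so either nest it or drop yum_plugin from the id. Smaller points: 'capabilites' should be 'capabilities'; the text switches between yum-plugin-security and 'the yum-security package' for the same package; the closing sentences refer to the security updates page and the CVE info page without <ulink> targets; and this revision adds only CVE.xml with no include from a parent file, so the section will not appear in the built guide until one is added.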


