Checking Exposure to Known Vulnerabilities

OS Management provides a search facility that you can use to check individual Common Vulnerabilities and Exposures (CVEs) to determine the level of exposure in your tenancy. CVEs provide standard names for publicly known security vulnerabilities and exposures that are cataloged in a dictionary-type format for reference.

The CVE search facility enables you to search for a CVE, to see the packages and instances affected by the CVE, and to push out package updates to instances to patch them.

Important

The search facility for CVEs is available only for Linux distributions at this time.

Using the Console

To check exposure to known vulnerabilities
  1. Open the navigation menu and click Compute. Under OS Management, click CVEs.
  2. In the List Scope section, select the compartment you want to work with.
  3. In the search box, enter the CVE ID you want to check and press Return.
    Note

    The CVE search facility only supports exact match based on CVE ID.

    If a match for the CVE ID is found, a list of packages affected by the CVE is displayed.

  4. In the list of packages, click the name of a package to display the Package Details screen.
  5. To update the package on instances, click Install.
  6. In the Install Selected Packages dialog box, select the instances you want to update, and click Install.

    A work request is created to update the package on the selected instances.