To find if a package installed through APT on Debian/Ubuntu Linux includes a fix for a specific Common Vulnerabilities and Exposures (CVE) number, you can use the following steps:
- Update the package information database:
sudo apt update
- Install the
apt-show-versionspackage, which provides information about the installed versions of packages and the available upgrades:
sudo apt install apt-show-versions
- Use the
apt-show-versionscommand to check if the package you’re interested in has a fix for a specific CVE number:
apt-show-versions <package_name>
- Look for the CVE number in the output of the
apt-show-versionscommand. If the package includes a fix for the CVE, it should be mentioned in the “Changelog” section of the output.
For example, to check if the openssl package includes a fix for CVE-2014-0160 (also known as the “Heartbleed” vulnerability), you can run the following command:
apt-show-versions openssl
Note: Replace <package_name> with the name of the package you’re interested in.