have you checked oracle website and oracle metalink ?
You can check via the Oracle Linux CVE database: http://linux.oracle.com/cve
Just enter the CVE number and it'll tell you what package version (if any) resolves that CVE. Though, many of the CVEs listed on that page you've provided do not apply to either Red Hat or Oracle Linux.
Why bother asking if you do not have the time to read and evaluate each US-CERT bulletin or CVE, or do not have the necessary understanding to judge the practical impact in your environment? If you are looking for a general answer how to deal with security issues, then simply apply regular software updates. Updates for Oracle Linux, unlike Red Hat, are provided for free without the need for a subscription.
You can install and list available security patches using yum, e.g.:
To find out what CVE patches have been applied:
rpm -qa --changelog | grep CVE
Thanks for your quick reply. In effect, our Managment hope to know what sort of Vulnerabiliy's published in US-CERT bullein that will affect the Oracle Linux. So, we hope to know if those mentioned CVE related to Redhhat will affect Oracle Linux as well. Hope that is more clear about our orginal Question. Thanks in advance.
Thanks for alll who have give us a reply promptly. But, we really hope to know if those Redhat related CVE will affect Oracle Linux as well. Thanks in advance.
Beside the Oracle UEK kernel and other Oracle specific software, OL and RHEL use the same source code. You will have to distinguish between the kernel space and user space. Security issues that apply to the RHEL user space have a potential to also apply to the Oracle Linux user space as well.
One cannot really criticize the efforts by US-Cert, but to my experience, it always sounds critical and the practical aspects are typically exaggerated. The urge or importance is often driven by the press for political reasons or simply by people who do not understand the technical circumstances and how vulnerabilities are applicable to their environment.
Unless you really want to go into the very details and analysis of CVE's and have the necessary technical background to evaluate vulnerabilities, I suggest to leave it up to Oracle to determine. The easiest way is to simply apply security updates on a regular basis.
Thans for you further elaboration. It really helps.