yum update で対策される脆弱性をリストアップできるらしいです。
利用法
[ec2-user@www ~]$ yum updateinfo list cves|grep openssl CVE-2015-3194 medium/Sec. openssl-1:1.0.1k-13.88.amzn1.x86_64 CVE-2015-3195 medium/Sec. openssl-1:1.0.1k-13.88.amzn1.x86_64 CVE-2015-3196 medium/Sec. openssl-1:1.0.1k-13.88.amzn1.x86_64 CVE-2016-0702 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64 CVE-2015-7575 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64 CVE-2016-0705 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64 CVE-2016-0800 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64 CVE-2016-0799 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64 CVE-2015-3197 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64 CVE-2016-0797 important/Sec. openssl-1:1.0.1k-14.89.amzn1.x86_64 CVE-2015-3194 medium/Sec. openssl-devel-1:1.0.1k-13.88.amzn1.x86_64 CVE-2015-3195 medium/Sec. openssl-devel-1:1.0.1k-13.88.amzn1.x86_64 CVE-2015-3196 medium/Sec. openssl-devel-1:1.0.1k-13.88.amzn1.x86_64 CVE-2016-0702 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64 CVE-2015-7575 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64 CVE-2016-0705 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64 CVE-2016-0800 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64 CVE-2016-0799 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64 CVE-2015-3197 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64 CVE-2016-0797 important/Sec. openssl-devel-1:1.0.1k-14.89.amzn1.x86_64
プラグインインストール
sudo yum install yum-plugin-security
