cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs. The tool will identify potentially vunlnerable software packages within Linux distributions through version matching. Where possible it will also seek to determine (through a distribution implemention) if a vulnerability has been addressed by way of a patch.
Clone the git repository
git clone https://github.com/clearlinux/cve-check-tool.git cd cve-check-tool
Execute autogen.sh
./autogen.sh
You might need some additional packages
configure: error: Package requirements ( glib-2.0 >= 2.36.0, gio-2.0 >= 2.36.0, libxml-2.0 >= 2.9.1, libcurl >= 7.29.0, gobject-2.0 >= 2.0, sqlite3, openssl >= 1.0.0
If you see the following message “No package 'sqlite3' found” but have sqlite3 installed, also install the following devel package
apt-get install libsqlite3-dev
Install CVE-Check-Tool
./autogen.sh make make install
Update the CVE feed
cve-check-update
There is no need to configure anything, but just in case, the files are at the following locations
/usr/lib/cve-check-tool/ /usr/share/cve-check-tool/ /usr/bin/cve-check-tool /usr/bin/cve-check-update