RPM change log can be used to view when a package was last updated
It can also be used to view if a specific version of a package (eg. php) has been patched for a known vulnerability
# rpm -qa | grep php | grep .x86_64 php-xml-5.3.3-40.el6_6.x86_64 php-snmp-5.3.3-40.el6_6.x86_64 php-tidy-5.3.3-40.el6_6.x86_64 php-bcmath-5.3.3-40.el6_6.x86_64 php-fpm-5.3.3-40.el6_6.x86_64 php-5.3.3-40.el6_6.x86_64 php-mysql-5.3.3-40.el6_6.x86_64 php-xmlrpc-5.3.3-40.el6_6.x86_64 php-mbstring-5.3.3-40.el6_6.x86_64 php-common-5.3.3-40.el6_6.x86_64 php-pspell-5.3.3-40.el6_6.x86_64 php-pecl-memcache-3.0.5-4.el6.x86_64 php-mcrypt-5.3.3-3.el6.x86_64 php-cli-5.3.3-40.el6_6.x86_64 php-pdo-5.3.3-40.el6_6.x86_64 php-gd-5.3.3-40.el6_6.x86_64 php-devel-5.3.3-40.el6_6.x86_64We can see that the current version installed on the system is: php-5.3.3-40.el6_6.x86_64
rpm -q php-5.3.3 --changelog | head -20Example output:
[root@LLL ~]# rpm -q php-5.3.3 --changelog | head -20 * Thu Oct 23 2014 Jan Kaluza <[email protected]> - 5.3.3-40 - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 * Tue Oct 21 2014 Remi Collet <[email protected]> - 5.3.3-39 - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 - core: fix integer overflow in unserialize() CVE-2014-3669 - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670 * Wed Sep 10 2014 Remi Collet <[email protected]> - 5.3.3-38 - spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698 - spl: fix use-after-free in SPL Iterators. CVE-2014-4670 * Thu Aug 14 2014 Remi Collet <[email protected]> - 5.3.3-37 - gd: fix NULL pointer dereference in gdImageCreateFromXpm. CVE-2014-2497 - fileinfo: fix incomplete fix for CVE-2012-1571 in cdf_read_property_info. CVE-2014-3587 - core: fix incomplete fix for CVE-2014-4049 DNS TXT record parsing. CVE-2014-3597