Hello,

I'm looking for a tool which uses a list of all installed packages and then checks if there are known vulnerabilities for the installed version in the CVE database. Ideally the tool would also perform a check to see if there is an official patch available from the Ubuntu team for the CVE number.

I could probably keep an eye on lists like http://people.canonical.com/~ubuntu-.../cve/main.html, where I would have to find out if I'm using the listed software and if my version is already patched. Or I could use a tool like "cvechecker" (http://cvechecker.sourceforge.net) to search the CVE database with precompiled lists of binaries, which doesn't take my installed version or available patches from Ubuntu into account.

Does anyone know a tool which makes checking for vulnerabilities in the CVE database more convenient? Does a scanner like Nessus handle that sort of thing?