Yes, the actual script which i wrote will give plenty of output like STATEMENT,MITIGATION,FIXED RELEASES,FIX_STATE. Please see the actual out put from the script.
CVE-2017-5581
SEVERITY : Low Impact
DATE : 2017-01-13
CWE : CWE-119
CVSS3 : 3.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
UPSTREAM_FIX : tigervnc 1.7.1
FIXED_RELEASES :
Red Hat Enterprise Linux 6: [tigervnc-1.1.0-24.el6] via RHSA-2017:0630 (2017-03-21)
FIX_STATES :
Affected: Red Hat Enterprise Linux 7 [tigervnc]
CVE-2017-6074
SEVERITY : Important Impact
DATE : 2017-02-22
CWE : CWE-416
CVSS3 : 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
ACKNOWLEDGEMENT :
Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.
STATEMENT :
This issue affects Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 kernels. As this issue is rated as Important, it has been scheduled to be fixed in a
future version of Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 kernels.
MITIGATION :
Recent versions of the SELinux policy can mitigate this flaw. The steps below will work with SELinux enabled or disabled. As the DCCP module will be auto-loaded when
required, its use can be disabled by preventing the module from loading with the following instructions: # echo "install dccp /bin/true" >> /etc/modprobe.d/disable-
dccp.conf The system will need to be restarted if the DCCP modules are loaded. In most circumstances, the DCCP kernel modules will be unable to be unloaded while any
network interfaces are active and the protocol is in use. If you need further assistance, see KCS article
https://access.redhat.com/solutions/41278 or contact Red Hat
Global Support Services.
FIXED_RELEASES :
Red Hat Enterprise Linux 5: [kernel-2.6.18-419.el5] via RHSA-2017:0323 (2017-02-24)
Red Hat Enterprise Linux 6: [kernel-2.6.32-642.13.2.el6] via RHSA-2017:0293 (2017-02-22)
RHEV Hypervisor for RHEL-6: [rhev-hypervisor7-7.3-20170425.0.el6ev] via RHSA-2017:1209 (2017-05-09)
Red Hat Enterprise Linux 7: [kernel-3.10.0-514.6.2.el7] via RHSA-2017:0294 (2017-02-22)
Managment Agent for RHEL 7 Hosts: [rhev-hypervisor7-7.3-20170425.0.el7ev] via RHSA-2017:1209 (2017-05-09)
Red Hat Enterprise Linux Long Life (v. 5.9 server): [kernel-2.6.18-348.33.1.el5] via RHSA-2017:0346 (2017-02-28)
Red Hat Enterprise Linux Advanced Update Support 6.4: [kernel-2.6.32-358.77.1.el6] via RHSA-2017:0345 (2017-02-28)
Red Hat Enterprise Linux Advanced Update Support 6.5: [kernel-2.6.32-431.78.1.el6] via RHSA-2017:0366 (2017-03-01)
Red Hat Enterprise Linux Advanced Update Support 6.6: [kernel-2.6.32-504.57.1.el6] via RHSA-2017:0324 (2017-02-24)
Red Hat Enterprise Linux Extended Update Support 6.7: [kernel-2.6.32-573.40.1.el6] via RHSA-2017:0316 (2017-02-23)
Red Hat Enterprise Linux Extended Update Support 7.1: [kernel-3.10.0-229.49.1.el7] via RHSA-2017:0403 (2017-03-02)
Red Hat Enterprise Linux Extended Update Support 7.2: [kernel-3.10.0-327.49.2.el7] via RHSA-2017:0501 (2017-03-14)
Red Hat Enterprise Linux Long Life (v. 5.6 server): [kernel-2.6.18-238.58.1.el5] via RHSA-2017:0347 (2017-02-28)
Red Hat Enterprise Linux Advanced Update Support 6.2: [kernel-2.6.32-220.70.1.el6] via RHSA-2017:0365 (2017-03-01)
Red Hat Enterprise Linux Server TUS (v. 6.5): [kernel-2.6.32-431.78.1.el6] via RHSA-2017:0366 (2017-03-01)
Red Hat Enterprise Linux Server TUS (v. 6.6): [kernel-2.6.32-504.57.1.el6] via RHSA-2017:0324 (2017-02-24)
MRG Grid for RHEL 6 Server v.2: [kernel-rt-1:3.10.0-514.rt56.219.el6rt] via RHSA-2017:0932 (2017-04-12)
Red Hat Enterprise Linux for Real Time for NFV (v. 7): [kernel-rt-3.10.0-514.6.1.rt56.430.el7] via RHSA-2017:0295 (2017-02-22)
FIX_STATES :
Affected: Red Hat Enterprise MRG 2 [realtime-kernel]
Affected: RHEV-M for Servers [distribution]
Affected: RHEV-M 4.0 [distribution]
I made the script to write all these output to a simple txt file.
And then i used cat /tmp/cveoutput.txt | grep -A 2 "CVE" | cut -f2 -d ":" | grep -v '^//' | tr '\t' ' ' which actually filtered the feilds and got me the one which i am looking for like this.
CVE-2017-3289
Critical Impact
2017-01-17
--
CVE-2017-5335
Moderate Impact
2017-01-10
--
CVE-2017-5336
Moderate Impact
2017-01-10
--
CVE-2017-5337
Moderate Impact
2017-01-10
I googled and found sed or awk can perform which i am looking for, so i tried to add awk ( i am not that familer with sed & awk ) but still tried this.
cat cveoutput.txt | grep -A 2 "CVE" | cut -f2 -d ":" | grep -v '^//' | tr '\t' ' ' | awk '{OFS=RS;$1=$1}2'
which gave me an out put as
CVE-2017-5337
Moderate
Impact
2017-01-10
--
CVE-2017-5581
Low
Impact
2017-01-13
--
CVE-2017-6074
Important
Impact
2017-02-22
I also went through couple of other sites to see if some one has already done this or anything similar, so that i can try all possible combination and get what i want.
I don need full command, all i need is just some tips on how to make this and what type of command to use to archive my output.