Patch CVEs on Rocky Linux
StackPatch indexes OSV.dev (Rocky Linux ecosystem) for 3 Rocky Linux releases: 10 · 9 · 8. The workflow below shows the exact dnf + rpm commands to detect, remediate, and verify a CVE.
5-second free check
curl https://mindsparkstack.com/scan.sh | bash
On Rocky Linux the agent uses rpm -qa --qf '%{NAME}\t%{EPOCH}:%{VERSION}-%{RELEASE}\n' to enumerate installed packages, then matches against osv.dev via the StackPatch matcher API. Source as plain text.
Manual workflow
1. Enumerate installed packages
rpm -qa --qf '%{NAME}\t%{EPOCH}:%{VERSION}-%{RELEASE}\n' | head -200
2. Look up an example CVE
CVE-2022-0778 — affects openssl on Rocky Linux. Each CVE page shows the exact fixed_version per release.
3. Upgrade with dnf + rpm
sudo dnf upgrade -y <package>
4. Verify the version landed
Re-run the quickscan, or use the per-package check listed above.
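Verifying step 4 by hand means comparing the installed EPOCH:VERSION-RELEASE against the fixed_version using rpm's ordering rather than a string compare, and treating the `(none)` that rpm prints for a missing epoch as 0. The sketch below is an added example, not StackPatch's matcher; the helper names, package names and fixed versions are constructed, and it assumes fixed_version is given in the same EPOCH:VERSION-RELEASE form.

```python
import re
from itertools import zip_longest

_SEG = re.compile(r"~|\^|[0-9]+|[A-Za-z]+")  # separators such as . _ + are skipped

def rpmvercmp(a, b):
    """Order two version (or release) strings the way rpm does: -1, 0 or 1."""
    for x, y in zip_longest(_SEG.findall(a), _SEG.findall(b)):
        if x == y:
            continue
        if "~" in (x, y):                 # tilde sorts before anything, even end of string
            return -1 if x == "~" else 1
        if "^" in (x, y):                 # caret sorts after end of string, before a segment
            newer = y is None if x == "^" else x is not None
            return 1 if newer else -1
        if x is None or y is None:        # the side that still has segments is newer
            return 1 if y is None else -1
        if x.isdigit() != y.isdigit():    # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return 0

def parse_evr(evr):
    """Split 'EPOCH:VERSION-RELEASE'; rpm prints '(none)' when no epoch is set."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (0 if epoch in ("", "(none)") else int(epoch)), version, release

def evr_cmp(a, b):
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:                          # epoch is compared numerically and wins outright
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)  # then version, then release

def still_vulnerable(rpm_qa_output, fixed):
    """Return {name: installed EVR} for packages still below fixed[name]."""
    hits = {}
    for line in rpm_qa_output.splitlines():
        name, _, evr = line.partition("\t")
        if name in fixed and evr_cmp(evr, fixed[name]) < 0:
            hits[name] = evr
    return hits

# Constructed input in the page's rpm -qa --qf format, plus constructed fixed versions.
SAMPLE = "libfoo\t(none):1.2.9-3.el9\nlibbar\t1:2.0-10.el9_4\nlibbaz\t(none):3.1-2.el9\n"
FIXED = {"libfoo": "0:1.2.10-1.el9", "libbar": "1:2.0-9.el9_4", "libbaz": "0:3.1-2.el9"}
if __name__ == "__main__":
    print(still_vulnerable(SAMPLE, FIXED))
```

A plain string comparison would rank 1.2.9 above 1.2.10 and report libfoo as patched; the segment-wise comparison flags it correctly.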
Rocky Linux-specific notes
- Rocky Linux is RHEL-binary-compatible; same patches as upstream RHEL but free.
- Rocky Linux 8 has 941 packages indexed; v9 has 345; v10 has 139 (smaller because newer).
- Same dnf workflow as AlmaLinux — most commands are interchangeable.
Continuous monitoring across all your Rocky Linux servers
Hourly inventory + matcher + email/webhook alerts + public audit URL per server. $99 lifetime, 50 founder seats. Works on every Rocky Linux release listed above.