Vulnerability and Patch-Management in Linux (and other Unix)

Hi,

we've amassed a veritable "zoo" of Unix-versions: RHEL4+5, CS5,
FreeBSD, Ubuntu and lately Solaris.
We use these for a variety of reasons and each system does its job quite
well.

However, patch-management seems to be a weak spot in most cases.
RedHat offers "RedHat Network", but it costs a lot of money (and they
charge more if you want to put your servers in groups in the RHN - WTF?)
FreeBSD offers the portaudit database - we should be able to hack
together something with that.
But what about CS? If you have an array of CS servers - how do
you track which vulnerabilities each one has?
Running yum update every night is no option.

Does CS also maintain a vulnerability database along the lines of
FreeBSD?
How about Solaris?
Ubuntu?

How do you track vulnerabilities across your datacenter?


Regards,

Rainer