Knowledge Base

Search the Knowledge Base:
Products:
Search In:
 

VMware ESXi 3.5 U2, Patch ESXe350-200808201-I-UG: Firmware Update

Details

Release Date: 8-13-2008
 
Product Versions ESXi 3.5 Update 2
Patch Classification Critical
ESX Server Host Reboot Required Yes
Restart hostd Required No
Maintenance Mode Required, Power Off or Migrate Virtual Machines Yes
PRs Fixed 218769, 221630, 237003, 237314, 244705, 247428, 249699, 252301, 268044, 272443, 274928, 275892
Affected Hardware
  • LSI MegaRAID SAS 1078 and 1064 controllers 
  • Emulex Lpe12000, Lpe12002, and LPe1250 HBAs
  • QLogic QLE2560 and QLE2562 HBAs
Affected Software

Windows Server 2008

Related CVE numbers CVE-2006-5823, CVE-2006-6054, CVE-2007-1592, CVE-2007-3848, CVE-2007-2172, CVE-2006-4538, CVE-2007-3739, CVE-2007-4308

Solution

Summaries and Symptoms

This bundle is a part of the ESX Server 3i version 3.5 Update 2 Installable and Embedded releases. For more information on the new features and fixes found in the release, see the relevant release notes at:
In addition to the Update 2 rollup, this patch fixes the following issues:
  • Concurrent VMFS volume rescans impact I/O performance.

  • Add support for VSS quiescing.

    When creating quiesced snapshot of Windows Server 2003 guests, both filesystem and application quiescing are supported. With Windows Server 2008 guests, only filesystem quiescing is supported.

  • Add support for Windows Server 2008 as a guest operating system.

  • Web Services Description Language (WSDL) and API reference documentation incorrectly specify properties of type MethodFault.

    Fixed an issue where the web services description language (WSDL) and API reference documentation refers to the type of certain properties as MethodFault, instead of LocalizedMethodFault. As a result, WSDL-based clients are unable to de-serialize responses from the server that contain properties of type MethodFault. The fix updates the WSDL and API reference documentation for faults to specify LocalizedMethodFault rather than MethodFault.

  • Add a lock mode (-l) to esxtop to help optimize CPU utilization.

    In a large ESX Server deployment that includes many LUNs, esxtop uses a lot of CPU while accessing storage statistics.

    To alleviate this problem, you can use the -l option with esxtop to enable lock mode. This option locks the entities (worlds, virtual CPUs, LUNs, NICs, and so on) for which statistics are displayed. Any new entities created during the esxtop session will not have statitistics displayed.

    Batch mode (-b) also implies lock mode.

  • ESX Server host crashes when unloading Bnx2x driver.

    This patch fixes an issue where the ESX Server host crashes when unloading the Bnx2x driver. An error message similar to the following might be displayed:

    VMware ESX Server [host name]
    Exception type 14 in world 1027:idle3 @ 0xa575d7

  • This patch updates the VMware MegaRAID SAS driver from 3.0.9 to 3.0.19. This update adds support for LSI MegaRAID SAS 1078 and 1064 controllers.

  • This patch updates the tg3 driver from 3.43b to 3.81c to take advantage of numerous upstream fixes in the drivers.

  • This patch updates the VMware Emulex driver from 7.4.0.13-1 to 7.4.0.13-2.

    This update adds support for 8Gbps fibre channel host bus adapters. Support is available for Emulex Lpe12000, Lpe12002, and LPe1250 HBAs; and QLogic QLE2560 and QLE2562 HBAs.

  • QLogic firmware updated to 4.03.02.

  • Update the service console kernel to 2.4.21-53.

    This fix provides security updates to the service console. Key areas affected by fixes in this update include the networking subsystem, dcache handling, the ext2 and ext3 file systems, the USB subsystem, ACPI handling, and the audit subsystem. There were also several isolated fixes in the tg3, e1000, megaraid_sas, and aacraid device drivers.

    The following security issues were fixed in this update:

    • A flaw in the cramfs file system that allowed invalid compressed data to cause memory corruption. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-5823 to this issue.

    • A flaw in the ext2 file system that allowed an invalid inode size to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-6054 to this issue.

    • A flaw in IPV6 flow label handling that allowed a local user to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-1592 to this issue.

    • A flaw in the handling of process death signals that allowed a local user to send arbitrary signals to the suid-process executed by that user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-3848 to this issue.

    • A flaw in IPv4 forwarding base that allowed a local user to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2172 to this issue.

    • A flaw in a corrupted executable file that might cause cross-region memory mappings on Itanium systems. This allowed a local user to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-4538 to this issue.

    • A flaw in a stack expansion in the hugetlb kernel on PowerPC systems allowed a local user to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-3739 to this issue.

    • A flaw in the aacraid SCSI driver allowed a local user to make ioctl calls to the driver, which should be restricted to privileged users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue.

  • Resolves the issue described in KB 1005283, "Filenames over 64 characters in ESX Server ISO image may get truncated during content extraction."

Deployment Considerations

You must also install ESXe350-200808202-T-UG and ESXe350-200808203-C-UG with this bundle. All three bundles are part of the offline patch bundle, ESXe350-200808201-O-UG.

Patch Download and Installation

The typical way to apply patches to ESX Server 3i hosts is through the VMware Update Manager. For details, see the VMware Update Manager Administration Guide.

ESX Server 3i hosts can also be updated by downloading the most recent "O" (offline) patch bundle from http://www.vmware.com/download/vi/vi3_patches_3i.html and installing the bundle using Infrastructure Update through the VI Client or by using the vihostupdate command through the Remote Command Line Interface (RCLI). For details, see the ESX Server 3i Configuration Guide and the ESX Server 3i Embedded Setup Guide (Chapter 10, Maintaining ESX Server 3i and the VI Client) or the ESX Server 3i Installable Setup Guide (Chapter 11, Maintaining ESX Server 3i and the VI Client).

The offline patch bundle ESXe350-200808201-O-UG for the 13 AUGUST 2008 Update 2 release contains the following bundles:

  • ESXe350-200808201-I-UG: Firmware Update - Described in this KB.
  • ESXe350-200808202-T-UG: VMware Tools Update for ESXi - Described in KB 1005912.
  • ESXe350-200808203-C-UG: VI Client update for ESXi - Described in KB 1005913.

Note: ESX Server 3i hosts do not reboot automatically when you patch with the offline bundle.

This Article Replaces

This patch bundle replaces ESXe350-200807401-I-UG, released 7-25-2008.

Feedback

Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (2000 or fewer characters)
Submit
Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   
Actions
  • KB Article: 1005911
  • Updated: Dec 12, 2008
  • Products:
    VMware ESXi
  • Product Versions:
    VMware ESXi 3.5.x Embedded
    VMware ESXi 3.5.x Installable