ESX Server 3.0.1, Patch ESX-1005112: Enabling Root Password Expiry; VirtualCenter 2.5 Displays an Error When a Virtual Machine is Powered on; Third Party Library libpng Updated to 1.2.29 (1005112)
This patch fixes the following issues:
Previously, the root password expiry information was not preserved across hostd restarts. A new tag called rootPasswdExpiration is added to the /etc/vmware/hostd/config.xml file. If this rootPasswdExpiration tag is set to true , then the number of days to expiry will be preserved across hostd restarts.
VMware VirtualCenter 2.5 displays an error message when a virtual machine is powered on with a passthrough attached SCSI Tape device.
Several flaws were discovered in the way third party library libpng handled various PNG image chunks. An attacker could create a carefully crafted PNG image file in such a way that it causes an application linked with libpng to crash when the file is manipulated.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5269 to the security issue fixed in this update. To complete the fix, install and ESX-1005112 and ESX-1005108.
The following symptom might occur without this patch:
VirtualCenter 2.5 displays a Device 'SCSI Device 1' has a backing type that is not supported. This is a general limitation of the host error message when a virtual machine is powered on with a passthrough attached SCSI Tape device.
Download and verify the patch bundle as follows:
- Download patch ESX-1005112 from http://www.vmware.com/download/vi/vi3_patches.html.
- Log in to the ESX Server service console as root.
- Create a local depot directory.
# mkdir -p /var/updates
Note: VMware recommends that you use the updates directory.
- Change your working directory to /var/updates.
# cd /var/updates
- Download the tar file into the /var/updates directory.
- Verify the integrity of the downloaded tar file:
# md5sum ESX-1005112.tgz
The md5 checksum output should match the following:
- Extract the compressed tar archive:
# tar -xvzf ESX-1005112.tgz
- Change to the newly created directory, /var/updates/ESX-1005112:
# cd ESX-1005112
# esxupdate update
To run esxupdate from a different directory, you must specify the bundle path in the command:
# esxupdate -r file://<directory>/ESX-1005112 update
For example, if the host is called depot:
# esxupdate -r file:///depot/var/updates/ESX-1005112 update
During the update process, logs appear on the terminal. You can specify the verbosity of esxupdate logs by using the -v option as shown, below.
# esxupdate -v 10 file://<directory>/ESX-1005112 update
For more information on how to use esxupdate, see the Patch Management for ESX Server 3 tech note at http://www.vmware.com/pdf/esx3_esxupdate.pdf.