Knowledge Base

Search the Knowledge Base:
Products:
Search In:
 

ESX Server 3.0.1, Patch ESX-1005112: Enabling Root Password Expiry; VirtualCenter 2.5 Displays an Error When a Virtual Machine is Powered on; Third Party Library libpng Updated to 1.2.29

Details

Release Date: 08/28/08
Document Last Updated: 08/28/08
 
ad645cef0f9fa18bb648ba5a37074732
Product Versions ESX Server 3.0.1
Patch Classification Security
Supersedes ESX-1004725
Virtual Machine Migration or Reboot Required No
ESX Server Host Reboot Required No
PRs Fixed 295985, 237629, 281597
Affected Hardware N/A
Affected Software libpng, VMware VirtualCenter 2.5
RPMs Included VMware-esx-hostd
Related CVE numbers CVE-2007-5269

Summary

This patch fixes the following issues:

  • Previously, the root password expiry information was not preserved across hostd restarts. A new tag called rootPasswdExpiration is added to the /etc/vmware/hostd/config.xml file. If this rootPasswdExpiration tag is set to true , then the number of days to expiry will be preserved across hostd restarts.
        After setting the rootPasswdExpiration tag in the /etc/vmware/hostd/config.xml file as True , run the following command:
     chage –M <X> root
        Here, X is the number of days till expiration.
 
          Example: chage -M <60> root indicates the root password will expire after 60 days
          Note: As the default value of rootPasswdExpiration tag is set as False , this fix will not impact customers who do not want the root password to expire.
  • VMware VirtualCenter 2.5 displays an error message when a virtual machine is powered on with a passthrough attached SCSI Tape device.
  • Several flaws were discovered in the way third party library libpng handled various PNG image chunks. An attacker could create a carefully crafted PNG image file in such a way that it causes an application linked with libpng to crash when the file is manipulated.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5269 to the security issue fixed in this update.  To complete the fix, install and ESX-1005112 and ESX-1005108.

Solution

Symptoms

The following symptom might occur without this patch:

  • VirtualCenter 2.5 displays a Device 'SCSI Device 1' has a backing type that is not supported. This is a general limitation of the host error message when a virtual machine is powered on with a passthrough attached SCSI Tape device. 

 
Deployment Considerations
 
To address the libpng issue, you must install ESX-1005112 and ESX-1005108 to complete the fix.

Download Instructions

Download and verify the patch bundle as follows:

  1. Download patch ESX-1005112 from http://www.vmware.com/download/vi/vi3_patches.html.

  2. Log in to the ESX Server service console as root.

  3. Create a local depot directory.

    # mkdir -p /var/updates

    Note: VMware recommends that you use the updates directory.

  4. Change your working directory to /var/updates.

    # cd /var/updates
  5. Download the tar file into the /var/updates directory.

  6. Verify the integrity of the downloaded tar file:

    # md5sum ESX-1005112.tgz

    The md5 checksum output should match the following:

    ad645cef0f9fa18bb648ba5a37074732 ESX-1005112.tgz
  7. Extract the compressed tar archive:

    # tar -xvzf ESX-1005112.tgz
  8. Change to the newly created directory, /var/updates/ESX-1005112:

    # cd ESX-1005112  

Installation Instructions

After you download and extract the archive, and if you are in the directory that you previously created, use the following command to install the update:

# esxupdate update

To run esxupdate from a different directory, you must specify the bundle path in the command:

# esxupdate -r file://<directory>/ESX-1005112 update

For example, if the host is called depot:

# esxupdate -r file:///depot/var/updates/ESX-1005112 update

During the update process, logs appear on the terminal. You can specify the verbosity of esxupdate logs by using the -v option as shown, below.

# esxupdate -v 10 file://<directory>/ESX-1005112 update

For more information on how to use esxupdate, see the Patch Management for ESX Server 3 tech note at http://www.vmware.com/pdf/esx3_esxupdate.pdf.

Keywords

esxpatch;esx301

Feedback

Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (2000 or fewer characters)
Submit
Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   
Actions
  • KB Article: 1005112
  • Updated: Aug 14, 2009
  • Products:
    VMware ESX
  • Product Versions:
    VMware ESX 3.0.x