VMware ESXi, Patch ESXe350-200808501-I-SG: Firmware Update (1005818)
Release Date: 18-Sep-2008
Document Last Updated: 18-Sep-2008
Note: The three ESXi patches for Firmware "I", VMware Tools "T," and the VI Client "C" are contained in a single offline "O" download file.
Summaries and Symptoms
Security update to the Openwsman component of ESXi to fix the issue described in SUSE Security Announcement SUSE-SA:2008:041, "Two remote buffer overflows while decoding the HTTP basic authentication header (CVE-2008-2234)."
Note: ESXi is not affected by the other issue described in that security announcement, "A possible SSL session replay attack affecting the client (depending on the configuration) (CVE-2008-2233)."
- Several flaws were discovered in the way libpng handled various PNG image chunks. An attacker could create a carefully-crafted PNG image file in such a way that it causes an application linked with libpng to crash when the file is manipulated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5269 to the security issue fixed in this update.
This patch also fixes the following issues:
- The following problem occurs in a NIC team when beaconing is enabled: if the down state of one uplink causes all uplinks to go down, transmit path (Tx) traffic flows through all uplinks. This patch lets ESX choose from uplinks that are up, instead of sending traffic on all uplinks.
- Using HTTP to access a datastore file whose name contains any of the characters * .? \\ does not work correctly.
- This patch fixes an issue where the software iSCSI initiator did not handle authentication failures as expected.
- Fixed a race condition in hostd that could potentially lead to a crash while performing a large number of VMotion jobs.
- Add support for virtual machines to work with SNA/DLC and NetBEUI network protocols.
The following hardware and software is affected:
- IBM AS/400 Mainframe
- Microsoft Host Integration Services (HIS)
- IBM Systems Network Architecture (SNA)
- Broadcast and multicast packets become duplicated in a virtual machine configuration where two NICs are teamed, promiscuous mode is enabled, and load balancing is set to use the source port ID.
- Connecting or disconnecting virtual serial ports unexpectedly shuts down virtual machines. This issue occurs when there are two serial ports on the same virtual machine and they are connected to each other using the same socket.
- 32-bit Windows virtual machines exhibit various problems when configured with versions 12.4 and 13.0 of the Intel PRO/1000 gigabit Ethernet device driver (e1000). The problems include possible guest or host crashes due to memory corruption.
- Update network load-balancing algorithm to match specifications document.
- This patch includes a fix to better support Broadcom RemotePHY backplanes on Dell PowerEdge blade servers.
- DRS development and performance improvement. This change prevents unexpected migration behavior.
- File system performance optimization. A cache holding file system data is undersized for some environments. Its size is increased.
- Enablement for IBM FC storage arrays.
- When installing Red Hat Enterprise Linux 4.7 Beta in graphical mode or text mode on a virtual machine, moving the mouse cursor results in "Unknown key pressed" error messages and causes the installation to fail.
- On HP servers with ESXi, resolves an issue that intermittently prevents the HP CRU driver from loading. Symptom: Advanced memory information as viewed in HP System Insight Manager might not update as expected.
- The bnx2 driver using the Broadcom 5706 chip running on the HP BladeSystem BL465c G1 does not report link status changes when the cable is pulled or the switch port is shut down.
- Reduces snapshot delete time for a virtual machine's virtual disk on NFS datastores.
Important: Refer to Enabling the Snapshot Delete Fix under Deployment Considerations for caveats and specific instructions for enabling this fix.
Additional Details for CVE-2008-2234
Openwsman before 2.0.0 is not vulnerable to this issue. The ESXi 3.5 patch ESXe350-200808201-O-UG updated Openwsman to version 2.0.0. That patch is installed as part of the ESXi Update 2 release.
Deployment Considerations
Enabling the Snapshot Delete Fix
The ESXi host is using NFS as a datastore for running virtual machines.
Snapshots are used for virtual machines on the NFS datastore.
The NFS.lockdisable=1 option was used previously to reduce snapshot delete time.
Install the VIMA virtual appliance with RCLI. For information, see http://www.vmware.com/support/developer/vima/. When you use the vSphere Client to deploy vMA to an ESX/ESXi host, you can enter the following URL in the Deploy from URL field of the wizard:
Using the RCLI, copy the config file to /tmp or any other writable directory:
# vifs.pl --get /host/vmware_config /tmp
Modify the file by adding the line:
prefvmx.consolidateDeleteNFSLocks = "TRUE"
Transfer it to the ESXi server using the command:
# vifs.pl --put /tmp/vmware_config /host/vmware_config
Note: Third party virtual machine management agents might lose read access to the base virtual disk during snapshot delete operations.
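The "Modify the file" step above, as an added example that is not part of the original VMware article: an idempotent edit of the local copy that removes stale or duplicate assignments of the key and keeps a backup before the file is uploaded again. The function name `enable_snapshot_fix` and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Run it on the local copy, between the article's
# "vifs.pl --get" and "vifs.pl --put" steps. Only SETTING comes from the
# article; the function name and sample data are illustrative.
SETTING='prefvmx.consolidateDeleteNFSLocks = "TRUE"'
KEY_RE='^[[:space:]]*prefvmx\.consolidateDeleteNFSLocks[[:space:]]*='

# enable_snapshot_fix FILE
# Returns 0 if FILE was changed, 1 if it was already correct, 2 on error.
enable_snapshot_fix() {
    cfg=$1
    [ -f "$cfg" ] && [ -w "$cfg" ] || return 2
    # No-op when the key is assigned exactly once and is already "TRUE".
    if [ "$(grep -Ec "$KEY_RE" "$cfg")" = 1 ] &&
       grep -Eq "$KEY_RE"'[[:space:]]*"TRUE"[[:space:]]*$' "$cfg"; then
        return 1
    fi
    cp -p "$cfg" "$cfg.bak" || return 2   # keep the pre-edit copy for rollback
    tmp="$cfg.tmp.$$"
    # Drop stale or duplicate assignments, then append the required line.
    { grep -Ev "$KEY_RE" "$cfg.bak" || true
      printf '%s\n' "$SETTING"; } > "$tmp"
    cat "$tmp" > "$cfg" && rm -f "$tmp" || return 2
    return 0
}

# Demo on a constructed file (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 2
    f="$d/vmware_config"
    printf '%s\n' 'libdir = "/usr/lib/vmware"' \
        'prefvmx.consolidateDeleteNFSLocks = "FALSE"' > "$f"
    first=0;  enable_snapshot_fix "$f" || first=$?
    second=0; enable_snapshot_fix "$f" || second=$?
    echo "first=$first second=$second"
    diff "$f.bak" "$f" || true   # show what would be uploaded
    rm -rf "$d"
}
demo
```

The `.bak` copy written beside the file is the version to upload again if the change has to be rolled back.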
Patch Download and Installation
The typical way to apply patches to ESXi hosts is through the VMware Update Manager. For details, see the VMware Update Manager Administration Guide.