Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides

Search the VMware Knowledge Base (KB)

View by Article ID

VMware ESX 3.5, Patch ESX350-200910401-SG: Updates VMkernel, Tools, hostd (1013124)

Details

Release Date: October 16, 2009

Download Size:

303 MB

Download Filename:
ESX350-200910401-SG.zip
md5sum:

73435b0495a61b00bedbead140b2a262

Product Versions	ESX 3.5
Build	199239
Patch Classification	Security
Supersedes	ESX350-200712407-BG ESX350-200712409-BG ESX350-200712410-BG ESX350-200802401-BG ESX350-200802409-BG ESX350-200802410-BG ESX350-200802411-BG ESX350-200802412-BG ESX350-200803202-UG ESX350-200803211-UG ESX350-200803217-UG ESX350-200804401-BG ESX350-200804402-BG ESX350-200804403-BG ESX350-200804407-BG ESX350-200805501-BG ESX350-200805503-BG ESX350-200805515-SG ESX350-200806203-UG ESX350-200806207-UG ESX350-200806209-UG ESX350-200806401-BG ESX350-200806402-BG ESX350-200806405-BG ESX350-200806812-BG ESX350-200808203-UG ESX350-200808207-UG ESX350-200808209-UG ESX350-200808401-BG ESX350-200808402-BG ESX350-200808412-BG ESX350-200809404-SG ESX350-200811401-SG ESX350-200811409-BG ESX350-200901401-SG ESX350-200901404-BG ESX350-200901405-BG ESX350-200901406-BG ESX350-200903224-UG ESX350-200903412-BG ESX350-200904201-SG ESX350-200904401-BG ESX350-200904405-BG ESX350-200904409-BG ESX350-200905401-BG ESX350-200905402-BG ESX350-200905405-BG ESX350-200906401-BG ESX350-200906403-BG ESX350-200906406-BG ESX350-200906408-BG ESX350-200907403-BG ESX350-200907404-BG ESX350-200907405-BG ESX350-200907407-BG ESX350-200908402-BG ESX350-200908404-BG ESX350-200908405-BG ESX350-200908406-BG ESX350-200908407-BG
Requires	ESX350-200810201-UG ESX350-200903201-UG ESX350-200910402-BG
Virtual Machine Migration or Reboot Required	Yes
Host Reboot Required	Yes
PRs Fixed	358372, 449158, 403926, 419957, 262609, 449508
Affected Hardware	Emulex HBAs
Affected Software	VMware Tools, ISC third-party DHCP client
RPMs Included	VMware-esx-apps VMware-esx-backuptools VMware-esx-lnxcfg VMware-esx-srvrmgmt VMware-esx-tools VMware-esx-vmkctl VMware-esx-vmkernel VMware-esx-vmx VMware-hostd-esx kernel-source kernel-vmnix
Related CVE Numbers	CVE-2008-4210, CVE-2008-3275, CVE-2008-0598, CVE-2008-2136, CVE-2008-2812, CVE-2007-6063, CVE-2008-3525, and CVE-2009-0692

Solution

Summary

This patch contains the following fixes and enhancements:

This patch updates the service console kernel version to kernel-2.4.21-58.EL. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4210, CVE-2008-3275, CVE-2008-0598, CVE-2008-2136, CVE-2008-2812, CVE-2007-6063, and CVE-2008-3525 to the security issues fixed in kernel-2.4.21-58.EL.

This patch reduces the boot time of ESX hosts and should be applied when multiple ESX hosts detect LUNs used for Microsoft Cluster Service (MSCS).

Symptom: Error messages similar to the following might be logged in the /var/log/vmkernel log file of the service console:

Jul 24 14:34:24 VMEX3EQCH1100003 vmkernel: 165:15:48:57.500 cpu0:1033)WARNING: SCSI: 5519: Failing I/O due to too many reservation conflicts

Jul 24 14:34:24 VMEX3EQCH1100003 vmkernel: 165:15:48:57.500 cpu0:1033)WARNING: SCSI: 5615: status SCSI reservation conflict, rstatus 0xc0de01 for vmhba1:0:9. residual R 919, CR 0, ER 3

Jul 24 14:34:24 VMEX3EQCH1100003 vmkernel: 165:15:48:57.500 cpu0:1033)SCSI: 6608: Partition table read from device vmhba1:0:9 failed: SCSI reservation conflict (0xbad0022)

Any additional lines or customizations added by a user in the /etc/fstab file are deleted when VMware Tools is reinstalled or reconfigured. This issue occurs because when uninstalling, VMware Tools restores the files which were backed up during installation.

After applying this patch, any request for connection with ESX 3.5 using cipher suite of 56-bit encryption will be dropped. As a result, browsers that exclusively use cipher suites with 40-bit and 56-bit encryption cannot connect to ESX 3.5. Microsoft has made the Internet Explorer High Encryption Pack available for Internet Explorer 5.01 and earlier. Internet Explorer 5.5 and higher versions already use 128-bit encryption. 56-bit encryption and below is considered weak encryption and should no longer be used.

This patch contains a fix for a security vulnerability in the ISC third-party DHCP client. This vulnerability allows for code execution in the client by a remote DHCP server through a specially crafted subnet-mask option. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue.

Deployment Considerations

Before installing this patch, refer KB 1014799.

Patch Download and Installation

Note: All virtual machines on the ESX host must be either shut down or migrated using VMotion before applying the patch. A reboot of the ESX host is required after applying this patch.

See the vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 3.5 hosts.

To update ESX 3.5 hosts when not using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

1 2 3 4 5
3 Ratings

1 2 3 4 5
3 Ratings

Actions

Bookmark Document

KB:

Did this article help you?
This article resolved my issue. This article did not resolve my issue. This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)