VMware ESX 4.0, Patch ESX400-201104401-SG: Updates Apps, VMware Tools, and VMkernel (1037258)
Release date: April 28, 2011
|Build Information||See KB 1037260.|
|Host Reboot Required||Yes|
|Virtual Machine Migration or Shutdown Required||Yes|
|PRs Fixed||702120, 702107, 685515|
|Related CVE numbers||
Summaries and Symptoms
On an HP system, if you apply this patch and then restart the ESX host, you must update the software components to the version signed with the new key. You can download the HP Management Agent for VMware ESX 4.x (hpmgmt-8.7.0-vmware4x.tgz) from the HP Web site. If you do not restart the host, it continues to work with the currently installed and loaded software. However, the ESX host rejects software signed with the revoked key and logs a warning if the system loads any kernel module signed with the revoked key. This might cause certain HP features to fail.
By sending malicious network traffic to an ESX host, an attacker might exhaust the available sockets and prevent further connections to the host. In this scenario, a host becomes inaccessible, its virtual machines continue to run and have network connectivity but a reboot of the ESX host might be required to connect to the machine again. The ESX host might intermittently lose connectivity caused by applications that do not correctly close sockets. If this occurs, an error message similar to the following might be written to the vpxa log file:
socket() returns -1 (Cannot allocate memory)
An error message similar to the following might be written to the VMkernel log file:
socreate(type=2, proto=17) failed with error 55
None beyond the required patch bundles and reboot information listed in the table above.
Patch Download and Installation
See the VMware vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 4.0 hosts.
To update ESX 4.0 hosts when not using Update Manager, download the patch ZIP file from http://support.vmware.com/selfsupport/download/ and install the bulletin using esxupdate from the command line of the host. For more information, see the ESX 4 Patch Management Guide.