Knowledge Base

This patch updates the esx-base VIB to resolve the following issues:

• PR896262: The ESXi userworld libpng has been updated to libpng-1.2.50 to address a security vulnerability.
  
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-3048 to this issue.
  
  
• PR913712: When you enable BPDU (Bridge Protocol Data Unit) guard on the physical switch port, BPDU frames sent from the bridged virtual NIC cause the physical uplink to get disabled and as a result, the uplink goes down.
  
  Identify the host, which sent out the BPDU packets and set esxcfg-advcfg -s 1 /Net/BlockGuestBPDU on that host. This filters out and blocks BPDU packets from the guest. The virtual machines with the bridged virtual NICs should be powered on only after this filter is turned on for the filter to take effect.
  
  
• PR915067: The libpng library has been updated to libpng-1.2.49 to address a security vulnerability.
  
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-3048 to this issue.
  
  

Patch Download and Installation

The typical way to apply patch bulletin to ESXi hosts is through the VMware Update Manager. For details, see the Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command. For details, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.