Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

VMware ESXi 5.0 Patch Image Profile ESXi-5.0.0-20131001001s-standard (2055562)

Details

Release date: October 17, 2013

 
Profile Name ESXi-5.0.0-20131001001s-standard
Build For build information, see KB 2055559.
Vendor VMware, Inc
Release Date
October 17, 2013
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs VMware: esx-base_5.0.0-2.38.1311177
VMware: net-bnx2x_1.61.15.v50.1-2vmw.500.2.38.1311177
VMware: misc-drivers_5.0.0-2.38.1311177
PRs Fixed 952737, 989852, 935530, 1002222, 942191, 951764, 1020789, 1027266
Related CVE numbers CVE-2013-0169, CVE-2013-0166, CVE-2013-0338, and CVE-2013-5970

 

 
For information on patch and update classification, see KB 2014447.
 

Solution

Summaries and Symptoms

This patch updates the net-bnx2x VIB to address a stability issue, and updates the esx-base VIB to resolve the following issues:

  • PR 989852: The ESXi userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0169 and CVE-2013-0166.
  • PR 935530, 1002222: The ESXi userworld libxml2 library has been updated to resolve a security issue.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0338 to these issues.
  • PR 942191: The ESXi userworld libxslt package is updated.
  • PR 951764: VMware ESXi and ESX contain a vulnerability in hostd-vmdb. To exploit this vulnerability, an attacker must intercept and modify the management traffic. Exploitation of the issue may lead to a Denial of Service of the hostd-vmdb service.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5970 to this issue.
In addition, this patch also resolves the following issue:
  • PR 1020789: During the remediation process of an ESXi host against a patch baseline that consists of bulletins that have only Reboot impact, Update Manager fails to power off or suspend the virtual machines that are on the host. As a result the host cannot enter maintenance mode, and the remediation cannot be completed.

    This issue is resolved in bulletins created in this release and later.

  • PR 1027266: Updates the misc-drivers VIB to implement an infrastructure change to prevent installation of incompatible versions of esx-base and misc-drivers VIBs together.

Deployment Considerations

None beyond the required patch bundles and reboot information listed in the table above.

Patch Download and Installation

An ESXi system can be updated using the image profile, by using the esxcli software profile command. For details, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.For information about image profiles and how it applies to ESXi 5.0 hosts, see Image Profiles of ESXi 5.0 Hosts (KB 2009231). ESXi hosts can also be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: