VMware ESXi 5.5, Patch ESXi550-201404420-SG: Updates esx-base (2076589)
Release Date: April 19, 2014
|Build||For build information, see KB 2076586.|
|Host Reboot Required||Yes|
|Virtual Machine Migration or Shutdown Required||Yes|
|Related CVE numbers||CVE-2014-0160|
Summaries and Symptoms
This patch updates the esx-base VIB to resolve the following issue:
PR1227131: The OpenSSL version is updated to 1.0.1g to address the Heartbleed vulnerability.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-0160 to this issue.
Note: To completely resolve this issue, you also need to replace certificates and change passwords. For more information, see Resolving OpenSSL Heartbleed for ESXi 5.5 - CVE-2014-0160 (2076665).
Patch Download and Installation
The typical way to apply patches to ESXi hosts is through the VMware Update Manager. For details, see the Installing and Administering VMware vSphere Update Manager.
ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command. For details, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.