VMware ESXi 6.5, Patch ESXi-6.5.0-20170304101-standard
Article ID: 328066
Updated On:
Products
VMware
Issue/Introduction
Profile Name | ESXi-6.5.0-20170304101-standard |
Build | For build information, see KB 2149572. |
Vendor | VMware, Inc. |
Release Date | Mar 28, 2017 |
Acceptance Level | PartnerSupported |
Affected Hardware | N/A |
Affected Software | N/A |
Affected VIBs |
|
PRs Fixed | NA |
Related CVE numbers | CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905 |
Resolution
Summaries and Symptoms
This patch resolves the following issues:
- ESXi has a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-4902 (heap issue) and CVE-2017-4903 (stack issue) to these issues.
- The ESXi XHCI controller has uninitialized memory usage. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4904 to this issue.
- ESXi has uninitialized memory usage. This issue may lead to an information leak. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4905 to this issue.
Deployment Considerations
None beyond the required patch bundles and reboot information listed in the table above.
Patch Download and Installation
An ESXi system can be updated using the image profile, by using the esxcli software profile command. For details, see the vSphere Command-Line Interface Concepts and Examples and the VMware vSphere Upgrade Guide. ESXi hosts can also be updated by manually downloading the patch ZIP file from the Patch Manager Download Portal and installing the VIB by using the esxcli software vib command.
Feedback
Yes
No
Powered by
