Search the VMware Knowledge Base (KB)
Products:
View by Article ID

VMware ESX 4.0, Patch ESX400-200911201-UG: Updates Core (1014792)

  • 3 Ratings

Details

Product Versions ESX 4.0
Build For build information, see KB 1014842.
Patch Classification Critical
Host Reboot Required Yes
Virtual Machine Migration or Shutdown Required Yes
PRs Fixed

395028 389180 388236 393685 422287 376400 384231 450702 388481 395603 422454 422171 420933 422893 406766 455832 420631 450069 369851 464408 392234 397531 392586 384607 390023 397463 384878 407366 389814 394491 428786 383555 454072 466357 404825 396147 417497 456947 453331 349303 417178 459722 414479 467146 458898

Affected Hardware N/A
Affected Software N/A
VIBs Included vmware-esx-apps
vmware-esx-backuptools
vmware-esx-cim
vmware-esx-docs
vmware-esx-drivers-vmklinux-vmklinux
vmware-esx-esxcli
vmware-esx-esxupdate
vmware-esx-guest-install
vmware-esx-ima-qla4xxx
vmware-esx-iscsi
vmware-esx-lnxcfg
vmware-esx-lsi
vmware-esx-microcode
vmware-esx-nmp
vmware-esx-perftools
vmware-esx-scripts
vmware-esx-srvrmgmt
vmware-esx-tools
vmware-esx-uwlibs
vmware-esx-vmkctl
vmware-esx-vmkernel64
vmware-esx-vmnixmod
vmware-esx-vmx
vmware-hostd-esx
kernel
emulex-cim-provider
lsi-provider
Related CVE numbers CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778, CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, CVE-2009-1336, CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, CVE-2009-1192, CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, CVE-2009-2692, CVE-2009-2698, CVE-2009-2847, CVE-2009-2848

Solution

Summaries and Symptoms

Issues fixed in this patch (and their relevant symptoms, if applicable) include:

  • Fixes an issue where the vcbSnapAll command might fail with an error when the backup_destination is set as scp.
  • Fixes an issue where the DRAC gets the operating system name through IPMI and displays VMware ESX Server for both ESX and ESXi. This fix replaces the hard coded name with VMware_HypervisorSoftwareIdentity.ElementName.
  • Fixes an issue where the BIOS version reported by CIM OMC_SMASHFirmwareIdentity is different from dmidecode on some machines.
  • Fixes an issue where the version information retrieved for the VMware_HypervisorSoftwareIdentity is hard coded at build time. If CIM components are patched individually, the build values for this provider might not match the same build number or version information in other components or applications. Once this fix is applied version information is retrieved using a common mechanism utilized by other components in the system.
  • This fix includes updated patent information.
  • Firewall rules are changed after VMware High Availability (HA) traffic, migration, cloning, patching, or VMotion. If you have modified firewall rules for the ESX console by using the iptables or any command or utility other than the esxcfg-firewall command, accessing the service console through the firewall with any tools or utilities might cause the firewall to revert to its default configuration when your actions are complete. For example, configuring HA on a host causes the firewall to revert to the default configuration specified by esxcfg-firewall if you have modified the rules by using the iptables command. This release enables you to define default firewall rules for each service type. See the Troubleshooting When Firewall Rules are overwritten topic of the ESX Server Configuration Guide for more information.
  • Fixes an issue where VMware Tools reports incorrect disk information through GuestInfo for Linux guests using Logical Volume Manager (LVM) partitions.
  • If you upgrade VMware Tools or the VSS components in VMware Tools to version 4.0, applications that require the msvcp71.dll file fail to start when a virtual machine is rebooted. This issue is fixed in this release.
  • Fixes an issue where installing VMware Tools overwrites the existing virtual printer drivers TPOG and TPOGPS if ThinPrint's .print server is installed. This fix checks for a registry entry created by .print, if this registry entry is detected the virtual printer drivers bundled with VMware Tools will not be installed.
  • Applications running on ESX or ESXi 4.0 that use poll or select-based event notification protocols, poll() or select(), on VMkernel character devices might repeatedly call the device until the device reports that events are available to the application. Because the driver is called repeatedly rather than waiting until called by an external event, this behavior results in a high CPU load. This issue is resolved in this release.
  • Fixes an issue where e1000 vNIC emulation does not function properly under the OS/2 guest operating system. This fix includes updated e1000 vNIC emulation to work around the issue.
  • Fixes an issue where ESX might disable the CDP daemon in the console operating system.
  • Fixes an issue where ESX might fail if an excessive number of synctime RPC messages build up in the queue, which results in VMX running out of memory. This fix limits the number of synctime RPC messages in the queue to 1.
  • Fixes an issue where a virtual machine's heartbeat status might appear healthier than it is.
  • Updates service console package kernel version to 2.6.18-128.7.1
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, and CVE-2009-0778 to the security issues fixed in kernel 2.6.18-128.1.6.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, and CVE-2009-1336 to the security issues fixed in kernel 2.6.18-128.1.10.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, and CVE-2009-1192 to the security issues fixed in kernel 2.6.18-128.1.14.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, and CVE-2009-2407 to the security issues fixed in kernel 2.6.18-128.4.1.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2692, CVE-2009-2698 to the security issues fixed in kernel 2.6.18-128.7.1.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2847, CVE-2009-2848 to the security issues fixed in kernel 2.6.18-164.
    If you run the rpm -q --changelog kernel command on ESX 4.0 Update 1, the command displays the log of changes to the console OS kernel RPM. Due to an oversight, the security issues CVE-2009-2847 and CVE-2009-2848 which are fixed in this release are not listed in the changelog.
  • Fixes a series of vmklinux heap allocation warnings are followed by an ESX system failure. This issue is caused by an erroneous response to a legitimate overcommitment of memory. When memory runs low from heavy swapping or VMotion use, a vmklinux limitation might be encountered. Specifically, the problem is triggered by a shortage of memory located below address 4GB. In such a situation, a series of log messages warn of a failure to allocate memory for the vmklinux heap. ESX then becomes unavailable, logging exception 14 in a helper world. The following log excerpt is indicative of the messages logged:
    [1:01:35:02.450 cpu7:4480)WARNING: Heap: 1471: Could not allocate 2093688 bytes for dynamic heap vmklinux. Request returned Out of memory
    [1:01:35:02.450 cpu7:4480)WARNING: Heap: 1645: Heap_Align(vmklinux, 1024/1024 bytes, 8 align) failed. caller: 0x4180303746b7
    [1:01:35:02.450 cpu7:4480)WARNING: Heap: 1471: Could not allocate 2093688 bytes for dynamic heap vmklinux. Request returned Out of memory
    [1:01:35:02.450 cpu7:4480)WARNING: Heap: 1645: Heap_Align(vmklinux, 1024/1024 bytes, 8 align) failed. caller: 0x4180303746b7
    [VMware ESX [Releasebuild-164009 X86_64]
    #PF Exception(14) in world 4480:helper18-7 ip 0x41803037480c addr 0x0

    While this issue might in theory occur on ESXi, all observations have been with ESX installations. ESX has a higher vulnerability due to the use of low memory by the service console. This issue is resolved in this release.
  • Fixes an issue where virtual machines sometimes fail with a blue screen when hardware acceleration is enabled fully. Virtual machine fails displaying a blue screen when you run certain applications with the hardware acceleration enabled fully in Windows guest operating system. This is an issue with the SVGA driver, which is resolved in this release.
  • Fixes an issue where vSphere Client does not show correct identifier for FreeBSD operating system. The Summary tab in the vSphere Client does not display the correct identifier for FreeBSD guest operating system. This issue is resolved in this release.
  • Fixes an issue with font rendering issue in virtual machines when viewing in widescreen. When a virtual machine is configured for widescreen resolution, fonts appear distorted in Microsoft Office applications. This issue appears when the resolution is set to 2560 x 1024. The issue is resolved in this release.
  • Fixes an issue where enabling HA fails when ESX host does not have DNS connectivity. If the ESX host does not have DNS connectivity, when you enable or configure VMware HA, and the host short name is not populated in the /etc/hosts file, enabling or configuring HA might fail. This issue is resolved in this release.
  • Fixes an issue where ESX might stop responding when NFS volume goes offline. When a mounted NFS volume goes offline in an ESX Server cluster, it might cause the heap size to grow and might cause the ESX Server to stop responding.
  • Fixes an issue where setting VMkernel:Boot.storageHeapMaxSize to a value of 2147483647 or higher can cause a non-responsive server. If you use the Advanced Settings dialog box on the vSphere Client Configuration tab to set the VMkernel:Boot.storageHeapMaxSize option to a value of 2147483647 or higher, the ESX host will fail with a purple screen after you reboot it. This issue is resolved in this release.
  • Fixes an issue where the fix for a previously identified VMotion failure might prevent the migration (of virtual machines with video ram greater than 30MB only) to a host without the fix. ESX 4.0 Update 1 fixes the VMotion failure as described in KB 1011971. However, using VMotion to migrate a virtual machine with video ram of greater than 30MB to an ESX 4.0 Update 1 host might prevent you from migrating back to a host that does not have this fix.
  • Fixes an issue where vCenter issues an error when the Power.CpuPolicy configuration option is changed to dynamic. While changing the Power.CpuPolicy option from static to dynamic, vCenter issues the following error message:
    The value entered is not valid. Enter another value
    This error appears because ESX 4.0 attempts to change the system's CPU power management policy to dynamic even when the BIOS does not properly support processor performance states (P-states). This issue is resolved in this release.
  • Fixes an issue where networking performance data is missing when the VMNEXT3 adapter is used. The Networking panel is missing in the Performance tab of a virtual machine when a guest is using a VMNEXT Generation 3 adapter. If a virtual machine has a mix of virtual adapters, the Networking panel of the guests not using VMNEXT3 is still displayed. This issue is resolved in this release.
  • Fixes an issue where the proxy file path access to an SMB/CIFS shared storage fails. Booting a virtual machine from a CD-ROM fails, where the ISO file is located on a share mounted using SMB/CIFS protocol. This issue occurs because the proxy file path access is denied when using SMB/CIFS protocol. This issue is resolved in this release.

    For a complete list of the issues fixed in ESX 4.0 Update 1, see the ESX 4.0 Update 1 Release Notes.

Deployment Considerations

None beyond the required patch bundles and reboot information listed in the table above.

Patch Download and Installation

See the VMware vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 4.0 hosts.

To update ESX 4.0 hosts when not using Update Manager, download the patch zip file from http://support.vmware.com/selfsupport/download/ and install the bulletin using esxupdate from the command line of the host. For more information, see the ESX 4 Patch Management Guide.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 3 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 3 Ratings
Actions
KB: