VMware ESX Server 3i, Patch ESXe350-200805501-I-SG: Firmware Update (1004172)
Release Date: 03 JUNE 2008
Document Last Updated: 03 JUNE 2008
|Product Versions||ESX Server 3i version 3.5|
|Virtual Machine Migration or Reboot Required||Yes|
|ESX Server Host Reboot Required||Yes|
|PRs Fixed||245837, 222693, 254703, 247845, 246346, 202510, 241474, 186833, 249223, 253318, 249054, 256414, 223277, 229414, 226410, 244313, 244316, 259574, 259537, 240167, 244313, 244316, 259574, 259537, 249259, 257330, 121161, 233649, 271144, 249940|
|Related CVE numbers||CVE-2008-2097, CVE-2008-2100, CVE-2008-0967|
Summaries and Symptoms
Issues fixed in this patch (and their relevant symptoms, if applicable) include:
- Performance improvements in VMkernel IOAPIC writes. (PR 245837)
- Punctuation was missing in some paragraphs that described network configuration options, found in the Advanced Settings dialog box. (PR 222693)
- A potential crash (PSOD) condition existed in the VMkernel LVM driver. (PR 254703)
Symptoms: In the presence of spanned volumes that are in use, rare error conditions that might happen when a rescan is performed might cause the system to crash (PSOD).
- Certain malicious or flawed guest drivers can cause a VMkernel crash (PSOD). (PR 247845)
- VMware NetQueue does not work properly with some NIC drivers when MSI/MSI-x is enabled. (PR 246346)
- Device ID informational logs (VMWARE SCSI Id:) sometimes exceeded the maximum length, which prevented log scrolling on logterm. This situation could cause a serial port listener to stall. (PR 202510)
- ESX Server panicked while powering on a virtual machine configured with NPIV, when the system was running multiple virtual machines configured with NPIV. (PR 241474)
- Optimized VMotion IGMP reconnection lag. (PR 186833)
Symptoms: IGMP users formerly lost connectivity to their IGMP applications as a result of a VMotion or teaming failover for up to 1 minute (or more depending on how often the IGMP router is configured to send IGMP General Queries). This change makes the IGMP downtime similar to normal VMotion downtime, which should not be more than a few seconds.
- After changing the CPU affinity for a virtual machine (from the VI Client by choosing Edit Settings > Resources > Advanced CPU), the virtual machine no longer needs to be powered off and on again for the change to take effect. (PR 249223)
- Updates to the vm-support script:
- The vm-support script now collects old_cores only with the -a option. (PR 253318)
- The vm-support script now collects data from /var/lib/iscsi. (PR 249054)
- The vm-support script now collects the contents of the aam directory. (PR 223277)
The vm-support script now collects the vpxa.cfg file. (PR 229414)
A typographic error existed in the output message for vm-support –X . (PR 256414)
Security update to Openwsman that fixes an invalid content-length vulnerability. (PR 226410)
Openwsman is a system management platform that implements the Web Services Management protocol (WS-Management). It is installed and running by default. It is used in the VMware Management Service Console and in ESXi.
The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable to a privilege escalation vulnerability, which may allow users with non-privileged ESX or Virtual Center accounts to gain root privileges.
To exploit this vulnerability, an attacker would need a local ESX account or a VirtualCenter account with the Host.Cim.CimInteraction permission.
Systems with no local ESX accounts and no VirtualCenter accounts with the Host.Cim.CimInteraction permission are not vulnerable.
This vulnerability cannot be exploited by users without valid login credentials.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2097 to this issue.
Buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system. (PRs 244313, 244316, 259537, 259574)
The VIX API (also known as "Vix") is an API that lets users write scripts and programs to manipulate virtual machines. It is high-level, easy to use, and practical for both script developers and application programmers.
The VIX API can be enabled and disabled using the vix.inGuest.enable setting in the VMware configuration file. This default value for this setting is "disabled."
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue.
- Suspending Windows 2008 virtual machines that are in standby mode might cause these virtual machines to crash. (PR 240167)
- Increased the default memory and disk sizes for Windows Server 2008 guest operating systems to prevent possible performance or installation issues. (PR 249259)
- The recommended memory has been changed from 1G to 2G for both 32-bit and 64-bit guests.
- The minimum memory remains the same for both at 512MB.
- The maximum memory remains the same for both at 64GB.
- The recommended disk space has been changed to 40GB from 24GB (64-bit guests) and 16GB (32-bit guests).
- Solaris 10 Update 4, 64-bit graphical installation failed with the default virtual machine RAM size of 512MB. The default RAM size for a Sun Solaris 10 (64-bit) virtual machine is now 580MB. (PR 257330)
- The X server starts and remains displaying the root window (no X clients) for five to ten minutes, then quits and returns you to the text console.
- The X server starts and crashes shortly thereafter with various X server errors.
- Fixed a memory access issue in the iSCSI daemon. (PR 121161)
Symptoms: The iSCSI daemon dies suddenly, resulting in new targets not getting discovered on a rescan
An ESXi host connected to a CLARiiON or Invista array registered with a localhost, 127.0.0.1 address. (PR 233649)Symptoms: CX array administration cannot be performed and, in some cases, the host is removed from its storage group.
Virtual hardware upgrade did not work after upgrading an ESX Server 2.5.x virtual machine to ESX Server 3i using VMotion. This issue was seen when ESX Server 3i had been patched with bundles from 30 APRIL 2008. (PR 271144)
Symptoms: Hardware upgrade fails with the error message:
Cannot upgrade virtual machine: The virtual machine's hardware id is up-to-date and does not need to be upgraded.
Fix for a security issue related to local exploitation of an untrusted library path vulnerability in vmware-authd. In order to exploit this vulnerability, an attacker must have local access and the ability to execute the set-uid vmware-authd binary on an affected system. Exploitation of this flaw might result in arbitrary code execution on the Linux host system by an unprivileged user. (PR 249940)
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0967 to this issue.
Patch Download and Installation
The typical way to apply patches to ESX Server 3i hosts is through the VMware Update Manager. For details, see the VMware Update Manager Administration Guide.
- ESXe350-200805501-I-SG: Firmware Update - Described in this KB.
ESXe350-200805502-T-SG: VMware Tools Update for ESXi - Contains several fixed issues. See KB 1004173 for details.
ESXe350-200805503-C-SG: VI Client update for ESXi - This bundle syncs up VI Client with the latest version in Update 1. See KB 1005073 for details.
Note: ESX Server 3i hosts do not reboot automatically when you patch with the offline bundle through the VI Client or the RCLI. The hosts must be manually rebooted after any update has been installed. Please refer to the guides listed above for more information or for information on how to perform updates so that they can be rolled back after installation.