Search the VMware Knowledge Base (KB)
View by Article ID

ESX Server 3.5, Patch ESX350-200805501-BG: Updates to VMkernel and Multiple RPMs (1004637)

  • 3 Ratings

Details

Release Date: 03 JUNE 2008
Document Last Updated: 03 JUNE 2008

 

Download Size:
205 MB
Download Filename:
ESX350-200805501-BG.zip
md5sum:
31a620aa249c593c30015b5b6f8c8650

Product Versions ESX Server 3.5
Patch Classification Critical, Security
Supersedes ESX350-200712409-BG, ESX350-200712410-BG, ESX350-200802401-BG, ESX350-200802411-BG, ESX350-200802412-BG, ESX350-200803202-UG, ESX350-200804401-BG, ESX350-200804402-BG, ESX350-200804403-BG
Requires ESX350-200805502-BG
Virtual Machine Migration or Reboot Required Yes
ESX Server Host Reboot Required Yes
PRs Fixed 244313, 244316, 259537, 259574, 240167, 249259, 257330, 245837, 222693, 254703, 247845, 246346, 202510, 241474, 186833, 249223, 226278, 203511, 144382, 225506
Affected Hardware NIC drivers with MSI/MSI-x enabled
Affected Software
  • Guest operating systems configured with N_Port ID Virtualization (NPIV)
  • Windows 2008 guest operating systems
     
  • Solaris 10 Update 4, 64-bit virtual machines
     
RPMs Included
VMware-esx-apps
VMware-esx-tools
VMware-esx-vmkctl
VMware-esx-vmkernel
VMware-esx-vmx
VMware-hostd-esx
Related CVE numbers CVE-2008-2100

 

Solution

Summaries and Symptoms

Issues fixed in this patch (and their relevant symptoms, if applicable) include:
  • Buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system.  (PRs 244313, 244316, 259537, 259574)

    The VIX API (also known as "Vix") is an API that lets users write scripts and programs to manipulate virtual machines. It is high-level, easy to use, and practical for both script developers and application programmers.

    The VIX API can be enabled and disabled using the vix.inGuest.enable setting in the VMware configuration file. This default value for this setting is "disabled."

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue.

  • Suspending Windows 2008 virtual machines that are in standby mode might cause these virtual machines to crash. (PR 240167)

  • Increased the default memory and disk sizes for Windows Server 2008 guest operating systems to prevent possible performance or installation issues. (PR 249259)

    • The recommended memory has been changed from 1G to 2G for both 32-bit and 64-bit guests.

    • The minimum memory remains the same for both at 512MB.

    • The maximum memory remains the same for both at 64GB.

    • The recommended disk space has been changed to 40GB from 24GB (64-bit guests) and 16GB (32-bit guests).

  • Solaris 10 Update 4, 64-bit graphical installation failed with the default virtual machine RAM size of 512MB. The default RAM size for a Sun Solaris 10 (64-bit) virtual machine is now 580MB. (PR 257330)

    Symptoms:

    • The X server starts and remains displaying the root window (no X clients) for five to ten minutes, then quits and returns you to the text console.

    • The X server starts and crashes shortly thereafter with various X server errors.

  • Performance improvements in VMkernel IOAPIC writes. (PR 245837)

  • Missing punctuation in some paragraphs that describe network configuration options, found in the Advanced Settings dialog box. (PR 222693)

  • Potential crash (PSOD) in the VMkernel LVM driver. (PR 254703)

    Symptoms: In the presence of spanned volumes that are in use, rare error conditions that might happen when a rescan is performed might cause the system to crash (PSOD).

  • Certain malicious or flawed guest drivers can cause a VMkernel crash (PSOD). (PR 247845)

  • VMware NetQueue does not work properly with some NIC drivers when MSI/MSI-x is enabled. (PR 246346)

  • Device ID informational logs (VMWARE SCSI Id:) sometimes exceeded the maximum length, which prevented log scrolling on logterm. (PR 202510)

    Symptoms: This situation could cause a serial port listener to stall.

  • ESX Server panics while powering on a virtual machine configured with NPIV, when the system is running multiple virtual machines configured with NPIV. (PR 241474)

  • Optimize VMotion IGMP reconnection lag. (PR 186833)

    Symptoms: IGMP users formerly lost connectivity to their IGMP applications as a result of a VMotion or teaming failover for up to 1 minute (or more depending on how often the IGMP router is configured to send IGMP General Queries). This change makes the IGMP downtime similar to normal VMotion downtime, which should not be more than a few seconds.

  • After changing the CPU affinity for a virtual machine (from the VI Client by choosing Edit Settings > Resources > Advanced CPU), the virtual machine no longer needs to be powered off and on again for the change to take effect. (PR 249223)

  • The esxcfg-vswif man page now includes the following information. In order for the command esxcfg-vswif -c to work, vswif must be enabled. (PR 226278)

  • The manual page of esxcfg-vswif now describes the -s option as the short form of --disable, and the -D option as the short form of --disable-all. (PR 203511)

  • A fix to allow the vm-support script to upload all the data it collects from a Windows guest to the virtual machine's log file, vmware.log. (PR 144382)

  • An error message now displays to alert users that connecting to a remote client device from a Linux guest's VMware Tools is not possible. (PR 225506)

     

Deployment Considerations

This bundle contains a VMkernel compatibility fix and therefore should not be installed with the esxupdate command's --noreboot option. The ESX Server system must be rebooted immediately after this bundle is installed.
 
Also, manually restarting hostd after applying this bundle with --noreboot will fail. To recover from this mistake, reboot the host.

Patch Download and Installation

See the VMware Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX Server 3.5 hosts.

To update ESX Server 3.5 hosts when not using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 3 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 3 Ratings
Actions
KB: