Search the VMware Knowledge Base (KB)
View by Article ID

ESX Server 3.5, Patch ESX350-200808201-UG: Security and Other Updates to VMkernel, Service Console, and hostd (1005894)

  • 2 Ratings

Details

Release Date: 13-Aug-2008
Document Last Updated:
27-Aug-2008 - corrected kernel number for service console
25-Sep-2008 - added entry for VMkernel ACPI PCI fixed issue
03-Oct-2008 - Added information to enable AllowPromiscFilters. (Block duplicate multicast/broadcast packet in a teamed environment when the virtual switch is set to Promiscuous mode.)

 

Download Size:
282MB
Download Filename:
ESX350-200808201-UG.zip
md5sum:
e25caefdf131aa156a55ea25a9414a2c
Product Versions ESX Server 3.5 Update 2
Patch Classification Update, Security
Supersedes
ESX350-200803211-UG
ESX350-200802401-BG
ESX350-200802409-BG
ESX350-200802411-BG
ESX350-200802412-BG
ESX350-200803202-UG
ESX350-200712407-BG
ESX350-200712409-BG
ESX350-200712410-BG
ESX350-200804401-BG
ESX350-200804402-BG
ESX350-200804403-BG
ESX350-200804407-BG
ESX350-200805513-BG
ESX350-200805503-BG
ESX350-200806402-BG
ESX350-200805501-BG
ESX350-200806405-BG
ESX350-200806401-BG
ESX350-200806201-UG
Requires ESX350-200808202-UG
ESX Server Host Reboot Required
Yes
Restart hostd Required
service mgmt-vmware restart
No
Maintenance Mode Required, Power Off or Migrate Virtual Machines
Yes
PRs Fixed 161026, 176798, 223609, 180663, 218769, 22360, 221630, 230841, 237003, 237227, 237314, 239937, 244705, 246079, 247428, 249699, 251358, 252301, 240649
Affected Hardware LSI MegaRAID SAS 1064 and 1078
Affected Software
  • OEM Management Agent packages like Dell OpenManage, HP Insight Manager, and IBM Director
  • Windows Server 2008
  • PRIMERGY BX630 blade servers
  • PRIMERGY RX300 S3 rack servers
RPMs Included VMware-esx-apps
VMware-esx-ima-qla4xxx
VMware-esx-iscsi
VMware-esx-perftools
VMware-esx-tools
VMware-esx-vmkctl
VMware-esx-vmkernel
VMware-esx-vmx
VMware-hostd-esx
kernel-source
kernel-vmnix
Related CVE numbers CVE-2006-5823, CVE-2006-6054, CVE-2007-1592, CVE-2007-3848, CVE-2007-2172, CVE-2006-4538, CVE-2007-3739, CVE-2007-4308

Solution

Summaries and Symptoms

Issues fixed in this patch (and their relevant symptoms, if applicable) include:

  • The .config file is missing in the ESX Server service console.

    Previously, the ESX Server service console kernel-source package omitted the .config file that directs which Linux kernel options are to be enabled. The kernel-source package now provides a .config file, which enables OEM Management Agent packages like Dell OpenManage, HP Insight Manager, and IBM Director to build their kernel modules.

  • Update the service console kernel version to kernel-2.4.21-57.EL (RHEL3U9).

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5001, CVE-2007-6151, CVE-2007-6206, CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2006-4814, and CVE-2008-1669 to the security issues fixed in kernel-2.4.21-57.EL.

  • Virtual disk size can be changed while the virtual machine is powered on.

    On powered-on virtual machines that are running on ESX Server 3.5 Update 2, the size of the virtual disks can be changed by using the Provision Size control that is available when editing the virtual disk settings of virtual machines.

  • Concurrent VMFS volume rescans impact I/O performance.

  • This patch includes a dependency for ESX350-200806203-UG, which adds support for VSS quiescing. For the related patch, see KB 1005896.

  • This patch includes a dependency for ESX350-200806207-UG, for the issue: Ramchecker service fails to start. For the related patch, see KB 1005900.

  • Add support for Windows Server 2008 as a guest operating system.

  • VMware Consolidated Backup fails to back up the virtual disks of virtual machines that do not run Windows or Linux operating systems.

    Error messages similar to the following might display:

    [2008-02-06 12:28:07.234 'vcbMounter' 3076457280 error] Error: Other error encountered: Snapshot creation failed: Custom pre-freeze script failed.
    [2008-02-06 12:28:07.234 'vcbMounter' 3076457280 error] An error occurred, cleaning up...
    [2008-02-06 12:28:07.356 'SOAP' 3076457280 trivia] Sending soap request to
    [TCP:cs-tse-h20:443]: logout


  • Web Services Description Language (WSDL) and API reference documentation incorrectly specify properties of type MethodFault.

    Fixed an issue where the web services description language (WSDL) and API reference documentation refers to the type of certain properties as MethodFault, instead of LocalizedMethodFault. As a result, WSDL-based clients are unable to de-serialize responses from the server that contain properties of type MethodFault. The fix updates the WSDL and API reference documentation for faults to specify LocalizedMethodFault rather than MethodFault.

  • Provides a dependency for ESX350-200806213-UG, which fixes the issue, "Path failover might not complete successfully with LSI3444E, under high stress." For the related patch, see KB 1005906. For more information about the issue, see KB 1004313.

  • Add a lock mode (-l) to esxtop to help optimize CPU utilization.

    In a large ESX Server deployment that includes many LUNs, esxtop usesa lot of CPU while accessing storage statistics.

    To alleviate this problem, you can use the -l option with esxtop to enable lock mode. This option locks the entities (worlds, virtual CPUs, LUNs, NICs, and so on) for which statistics are displayed. Any new entities created during the esxtop session will not have statitistics displayed.

    Batch mode (-b) also implies lock mode.

  • Broadcast and multicast packets become duplicated in a virtual machine configuration where two NICs are teamed, promiscuous mode is enabled, and load balancing is set to use the source port ID.

    Note: After setting the vSwitch to Promiscous mode to Accept, you must change the setting for /proc/vmware/config/net/AllowPromiscFilters to 1 by entering the command:

    echo 1 >> /proc/vmware/config/Net/AllowPromiscFilters

    Double-check the setting is enabled. Enter the commmand:

    cat /proc/vmware/config/Net/AllowPromiscFilters

    The output returned should look like this:

    AllowPromiscFilters (Block duplicate multicast/broadcast packet in a teamed environment when the virtual switch is set to Promiscuous mode.) [0-1: default = 0]: 1

    Important: Do not open any /proc files using an editor. Always use the echo command to change /proc settings.

  • ESX Server host crashes when unloading Bnx2x driver.

    This patch fixes an issue where the ESX Server host crashes when unloading the Bnx2x driver. An error message similar to the following might be displayed:

    VMware ESX Server [host name]
    Exception type 14 in world 1027:idle3 @ 0xa575d7

  • This patch provides a dependency for ESX350-200806212-UG, which upgrades the megaraid_sas driver from 3.0.9 to 3.0.19 to support the following controllers: LSI MegaRAID SAS 1078and LSI MegaRAID SAS 1064. For the related patch, see KB 1005905.

  • This patch includes a dependency for ESX350-200806211-UG, which updates the tg3 driver from 3.43b to 3.81c to take advantage of numerous upstream fixes in the drivers. For the related patch, see KB 1005904.

  • Changed the VMkernel ACPI component's PCI configuration space access to allow affected systems (currently, BX630 blade servers and RX300 S3 rack servers) to successfully boot ESX 3.5. Affected systems also displayed hardware configuration issues, which resulted in various devices not working. Also see http://kb.vmware.com/kb/1005480.

Deployment Considerations

None beyond the required patch bundles and reboot information listed in the table, above.

Patch Download and Installation

See the VMware Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX Server 3.5 hosts.

To update ESX Server 3.5 hosts when not using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 2 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 2 Ratings
Actions
KB: