Search the VMware Knowledge Base (KB)
View by Article ID

VMware ESXi 5.5, Patch ESXi550-201609101-SG: Updates esx-base (2146720)

  • 1 Ratings
Language Editions

Details

Release date: September 15, 2016

Patch Category Security fix
Patch Severity Important
Build For build information, see KB 2146717.
Host Reboot Required No
Virtual Machine Migration or Shutdown Required Yes
Affected Hardware N/A
Affected Software N/A
VIBs Included VMware:esx-base:5.5.0:3.92.4345810
PRs Fixed 1615923, 1620822, 1629218, 1649488, 1669803
Related CVE numbers NA

 

Solution

Summaries and Symptoms
This patch updates the esx-base VIB to resolve the following issues:

  • The OpenSSL is updated to version openssl-1.0.1t.
  • ESXi Firewall allows UDP source port 53 traffic to all destination ports. This behavior with the ESXi firewall is expected as per ESXi's DNS client implementation. The ESXi DNS client uses 'high' ephemeral ports ( more than 49152) for DNS queries. But vulnerability scanners may still flag it as an issue. To better protect your ESXi, have an external firewall block for all incoming DNS traffic to ESXi from ports less than 49152.
  • OpenSSH is updated to version openssh-7.2.p2.
  • The ESXi NTP package is updated to version 4.2.8p8.
  • The ESXi userworld libxml2 library is updated to version 2.9.4.

 

Language Editions

ja,2147863;zh_cn,2148099

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 1 Ratings
Actions
KB: