Search the VMware Knowledge Base (KB)
View by Article ID

ESXi 6.0, Patch ESXi-6.0.0-20170304001-no-tools (2149571)

  • 0 Ratings

Details

Profile Name
ESXi-6.0.0-20170304001-no-tools
Build
For build information, see KB 2149568.
Vendor
VMware, Inc.
Release Date
Mar 28, 2017
Acceptance Level
PartnerSupported
Affected Hardware
N/A
Affected Software
N/A
Affected VIBs
  • VMware_bootbank_esx-base_6.0.0-3.58.5224934
  • VMware_bootbank_vsan_6.0.0-3.58.5224737
  • VMware_bootbank_vsanhealth_6.0.0-3000000.3.0.3.58.5224738
PRs Fixed
N/A
Related CVE numbers
CVE-2017-4903, CVE-2017-4904, CVE-2017-4905

Note: This patch is based on ESXi 6.0 Update 3. If your data center uses one of the following deployments and you do not plan to upgrade to ESXi 6.0 Update 3, see the Deployment Considerations section of this Knowledge Base article for additional information.

  • ESXi 6.0 Update 1 or patches based on ESXi 6.0 Update 1
  • ESXi 6.0 Update 2 or patches based on ESXi 6.0 Update 2

Solution

Summaries and Symptoms

This patch resolves the following issues:

  • ESXi has uninitialized stack memory usage in SVGA. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4903 to this issue.

  • The ESXi XHCI controller has uninitialized memory usage. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4904 to this issue.

  • ESXi has uninitialized memory usage. This issue may lead to an information leak. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4905 to this issue.

Deployment Considerations

If your data center uses an ESXi deployment of 6.0 Update 3, there are no special considerations beyond the information listed in the table above. However, if your data center uses an ESXi deployment other than ESXi 6.0 Update 3, see the following Knowledge Base articles for more information.
  • If your data center uses an ESXi 6.0 Update 1 deployment or patches based on ESXi 6.0 Update 1 and you do not plan to upgrade to ESXi 6.0 Update 3, see KB 2149672.

  • If your data center uses an ESXi 6.0 Update 2 deployment or patches based on ESXi 6.0 Update 2 and you do not plan to upgrade to ESXi 6.0 Update 3, see  KB 2149673.

Note: To determine your ESXi deployment type, see KB 2143832.

Patch Download and Installation

An ESXi system can be updated using the image profile, by using the esxcli software profile command. For details, see the vSphere Command-Line Interface Concepts and Examples and the VMware vSphere Upgrade Guide. ESXi hosts can also be updated by manually downloading the patch ZIP file from the Patch Manager Download Portal and installing the VIB by using the esxcli software vib command.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 0 Ratings
Actions
KB: