
VMware ESXi 6.0, Patch Release ESXi600-201703003 (2149673)

Details

ESXi 6.0 Update 2 or patches based on ESXi 6.0 Update 2 require an update to resolve critical security issues CVE-2017-4903 and CVE-2017-4904 and moderate security issue CVE-2017-4905. These issues are documented in VMware Security Advisory VMSA-2017-0006.

Release Date: Mar 28, 2017

Download Filename: ESXi600-201703003.zip

Build: 5251623

Download Size: 366.6 MB

md5sum: e94ea799389d838de5a106d467d59287

sha1sum: 0829c9821992411dba8964768c13e1c05c3a325f

Host Reboot Required: Yes

Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID: ESXi600-201703403-SG
Category: Security
Severity: Critical

Image Profiles

Image Profile Name:
  • ESXi-6.0.0-20170304003-standard
  • ESXi-6.0.0-20170304003-no-tools

Solution

Summaries and Symptoms

This patch updates the esx-base VIB to resolve these issues:
  • ESXi has uninitialized stack memory usage in SVGA. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4903 to this issue.
  • The ESXi XHCI controller has uninitialized memory usage. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4904 to this issue.
  • ESXi has uninitialized memory usage. This issue may lead to an information leak. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4905 to this issue.

Deployment Considerations

Apply this patch to these ESXi hosts:
  • update-from-esxi6.0-6.0_update02.zip or Build #3620759 – Released on 15/03/16
  • ESXi600-201605001.zip or Build #3825889 – Released on 12/05/16
  • ESXi600-201608001.zip or Build #4192238 – Released on 05/08/16
  • ESXi600-201610001.zip or Build #4510822 – Released on 17/10/2016
  • ESXi600-201611001.zip or Build #4600944 – Released on 22/11/2016
Note: To determine the current ESXi build number, see Build numbers and versions of VMware ESXi/ESX (2143832).

Patch Download and Installation

Download the ESXi600-201703003 Offline Bundle from VMware Downloads.
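
A pre-install check built from the two facts this article gives, as an added example that is not VMware's code: whether the host's build is one of the builds listed under Deployment Considerations, and whether the downloaded bundle matches the published sha1sum. The script name and function names are assumptions; the version string is expected in the form printed by `vmware -v`.

```shell
#!/bin/sh
# Added example, not VMware code. Constants are copied from this article.
PATCH_BUILD=5251623
BUNDLE_SHA1=0829c9821992411dba8964768c13e1c05c3a325f
LISTED_BUILDS="3620759 3825889 4192238 4510822 4600944"

# Extract the build number from a version string in the form printed by
# `vmware -v`, e.g. "VMware ESXi 6.0.0 build-3620759". Prints nothing if absent.
parse_build() {
    printf '%s\n' "$1" | sed -n 's/.*build-\([0-9][0-9]*\).*/\1/p'
}

# Classify a host against the article's list. Builds are matched exactly, not
# compared numerically, because the article names specific builds only.
# Prints: apply | patched | not-listed | unknown
patch_status() {
    case "$1" in
        *"ESXi 6.0."*) ;;
        *) echo unknown; return 0 ;;
    esac
    build=$(parse_build "$1")
    if [ -z "$build" ]; then echo unknown; return 0; fi
    if [ "$build" = "$PATCH_BUILD" ]; then echo patched; return 0; fi
    for b in $LISTED_BUILDS; do
        if [ "$b" = "$build" ]; then echo apply; return 0; fi
    done
    echo not-listed
}

# Return 0 only if the file's SHA-1 equals the sha1sum published above;
# 1 on mismatch, 2 if the file does not exist.
verify_bundle() {
    [ -f "$1" ] || return 2
    actual=$(sha1sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$BUNDLE_SHA1" ]
}

# Usage on the host: sh check_patch.sh "$(vmware -v)" ESXi600-201703003.zip
if [ "$#" -eq 2 ]; then
    echo "host: $(patch_status "$1")"
    if verify_bundle "$2"; then
        echo "bundle: sha1 matches"
    else
        echo "bundle: sha1 mismatch or file missing, do not install"
    fi
fi
```

A `not-listed` result means the build is not named in this article, so the host's applicability has to be settled from VMSA-2017-0006 rather than from this script.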

ESXi hosts can be updated by the following methods:
Note: After patching the ESXi 6.0 hosts with VMware ESXi 6.0, Patch Release ESXi600-201703003, the future upgrade path needs to be to release ESXi600-201703001 and higher to prevent the issue from being reintroduced to the environment.
