ESXi Patches – November 2020

Today, all the news is about Trump and Biden, but the US president can’t help you keep your virtualization environments safe. A wooden plate won’t keep them safe either. Go to my.vmware.com and download the new patches.

Security is Always Important But Not Everything

“Security is Always Important But Not Everything”. OK… but the patches released are all about vulnerability mitigation.

All supported versions are affected by the issue below:

OpenSLP as used in ESXi has a use-after-free issue. This issue might allow a malicious actor with network access to port 427 on an ESXi host to trigger a use-after-free in the OpenSLP service resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3992 to this issue. This patch contains the complete fix for CVE-2020-3992. For more information, see VMware Security Advisory VMSA-2020-0023.1.

ESXi Patches Release Notes

ESXi 7.0

Imageprofile ESXi-7.0U1a-17119627-standard (Build 17119627) includes the following updated VIBs:

| Name | Version | Vendor | Summary | Category | Severity | Bulletin |
|---|---|---|---|---|---|---|
| cpu-microcode | 7.0.1-0.10.17119627 | VMware | CPU microcode updates | security | important | ESXi_7.0.1-0.10.17119627 |
| crx | 7.0.1-0.10.17119627 | VMware | CRX related bits | security | important | ESXi_7.0.1-0.10.17119627 |
| esx-base | 7.0.1-0.10.17119627 | VMware | ESXi base system | security | important | ESXi_7.0.1-0.10.17119627 |
| esx-dvfilter-generic-fastpath | 7.0.1-0.10.17119627 | VMware | dvfilter-generic-fastpath module | security | important | ESXi_7.0.1-0.10.17119627 |
| esx-update | 7.0.1-0.10.17119627 | VMware | ESXi install/upgrade components. | security | important | esx-update_7.0.1-0.10.17119627 |
| esx-xserver | 7.0.1-0.10.17119627 | VMware | ESXi X.Org Xserver | security | important | ESXi_7.0.1-0.10.17119627 |
| gc | 7.0.1-0.10.17119627 | VMware | SystemStorage extra for ESX 7.0 | security | important | ESXi_7.0.1-0.10.17119627 |
| loadesx | 7.0.1-0.10.17119627 | VMware | Provides QuickBoot functionality. | security | important | esx-update_7.0.1-0.10.17119627 |
| native-misc-drivers | 7.0.1-0.10.17119627 | VMware | VMware Esx VIB | security | important | ESXi_7.0.1-0.10.17119627 |
| vdfs | 7.0.1-0.10.17119627 | VMware | ESXi VDFS | security | important | ESXi_7.0.1-0.10.17119627 |
| vsan | 7.0.1-0.10.17119627 | VMware | VSAN ESXi | security | important | ESXi_7.0.1-0.10.17119627 |
| vsanhealth | 7.0.1-0.10.17119627 | VMware | ESXi VSAN Health Service | security | important | ESXi_7.0.1-0.10.17119627 |

(For more information see Release Notes.)

ESXi 6.7

Imageprofile ESXi-6.7.0-20201103001-standard (Build 17098360) includes the following updated VIBs:

| Name | Version | Vendor | Summary | Category | Severity | Bulletin |
|---|---|---|---|---|---|---|
| esx-base | 6.7.0-3.123.17098360 | VMware | ESXi base system | security | important | ESXi670-202011301-SG |
| esx-update | 6.7.0-3.123.17098360 | VMware | ESXi install/upgrade components. | security | important | ESXi670-202011301-SG |
| vsan | 6.7.0-3.123.17067304 | VMware | VSAN ESXi | security | important | ESXi670-202011301-SG |
| vsanhealth | 6.7.0-3.123.17067305 | VMware | ESXi VSAN Health Service | security | important | ESXi670-202011301-SG |

(For more information see Release Notes.)

ESXi 6.5

Imageprofile ESXi-6.5.0-20201104001-standard (Build 17097218) includes the following updated VIBs:

| Name | Version | Vendor | Summary | Category | Severity | Bulletin |
|---|---|---|---|---|---|---|
| esx-base | 6.5.0-3.146.17097218 | VMware | Updates the ESX 6.5.0 esx-base | security | critical | ESXi650-202011401-SG |
| esx-tboot | 6.5.0-3.146.17097218 | VMware | Updates the ESX 6.5.0 esx-tboot | security | critical | ESXi650-202011401-SG |
| vsan | 6.5.0-3.146.17067204 | VMware | Updates the ESX 6.5.0 vsan | bugfix | critical | ESXi650-202011401-SG |
| vsanhealth | 6.5.0-3.146.17067206 | VMware | ESXi VSAN Health Service | security | important | ESXi650-202011401-SG |

(For more information see Release Notes.)

Workaround

Find the workaround on this VMware KB: https://kb.vmware.com/s/article/76372
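
To find which hosts still need the patch or the workaround, the following added example (not part of the original post and not VMware code) compares each host's `vmware -v` banner with the image profile builds listed above. It assumes that a higher build number within the same release line is a later patch level; the hostnames and the older builds in the sample inventory are constructed.

```python
import re

# Fixed builds per release line, taken from the image profiles listed above.
FIXED_BUILDS = {"7.0": 17119627, "6.7": 17098360, "6.5": 17097218}

# Matches the banner printed by `vmware -v`, e.g. "VMware ESXi 6.7.0 build-16713306".
BANNER = re.compile(r"VMware ESXi (\d+\.\d+)\.\d+ build-(\d+)")

def classify(banner):
    """Return (status, detail) for one `vmware -v` banner."""
    m = BANNER.search(banner)
    if not m:
        return "unparsed", banner.strip()
    line, build = m.group(1), int(m.group(2))
    fixed = FIXED_BUILDS.get(line)
    if fixed is None:
        # Release line not listed on this page: do not guess, flag for manual review.
        return "unknown-line", f"{line} is not covered by the builds on this page"
    if build >= fixed:
        return "patched", f"build {build} >= {fixed}"
    return "needs-patch", f"build {build} < {fixed}"

def audit(inventory):
    """inventory: lines of 'hostname<TAB>banner'. Returns {hostname: (status, detail)}."""
    report = {}
    for row in inventory.splitlines():
        if not row.strip():
            continue
        host, _, banner = row.partition("\t")
        report[host.strip()] = classify(banner)
    return report

# Constructed sample inventory (hostnames and pre-patch builds are illustrative).
SAMPLE = """\
esx01.example.test\tVMware ESXi 7.0.1 build-17119627
esx02.example.test\tVMware ESXi 6.7.0 build-16713306
esx03.example.test\tVMware ESXi 6.5.0 build-17097218
esx04.example.test\tVMware ESXi 6.0.0 build-15169789
esx05.example.test\tconnection timed out
"""

if __name__ == "__main__":
    for host, (status, detail) in audit(SAMPLE).items():
        print(f"{host:22} {status:12} {detail}")
```

Hosts reported as `needs-patch` that cannot be updated right away are the ones to cover with the KB 76372 workaround; `unknown-line` and `unparsed` rows need a manual check.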

References

VMware

https://esxi-patches.v-front.de/

Davoud Teimouri
