VMware ESXi 6.0, Patch Release ESXi600-201703003

Article ID: 328718

Updated On:

Products

VMware

Issue/Introduction

ESXi 6.0 Update 2 or patches based on ESXi 6.0 Update 2 require an update to resolve critical security issues CVE-2017-4903 and CVE-2017-4904 and moderate security issue CVE-2017-4905. These issues are documented in VMware Security Advisory VMSA-2017-0006.
 
Release Date: Mar 28, 2017
 
Download Filename: ESXi600-201703003.zip

Build: 4510822

Download Size: 366.6 MB

md5sum: e94ea799389d838de5a106d467d59287

sha1sum: 0829c9821992411dba8964768c13e1c05c3a325f

Host Reboot Required: Yes
 
Virtual Machine Migration or Shutdown Required: Yes
 
Bulletins

Bulletin ID | Category | Severity
ESXi600-201703403-SG | Security | Critical

 
Image Profiles
 

Image Profile Name
  • ESXi-6.0.0-20170304003-standard
  • ESXi-6.0.0-20170304003-no-tools



Resolution

Summaries and Symptoms

This patch updates the esx-base VIB to resolve these issues:
  • ESXi has uninitialized stack memory usage in SVGA. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4903 to this issue.
  • The ESXi XHCI controller has uninitialized memory usage. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4904 to this issue.
  • ESXi has uninitialized memory usage. This issue may lead to an information leak. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4905 to this issue.

Deployment Considerations

Apply this patch to these ESXi hosts:
  • update-from-esxi6.0-6.0_update02.zip or Build # 3620759 – Released on 15/03/16
  • ESXi600-201605001.zip or Build # 3825889 – Released on 12/05/16
  • ESXi600-201608001.zip or Build # 4192238 – Released on 05/08/16
  • ESXi600-201610001.zip or Build # 4510822 – Released on 17/10/2016
  • ESXi600-201611001.zip or Build # 4600944 – Released on 22/11/2016
Note: To determine the current ESXi build number, see Build numbers and versions of VMware ESXi/ESX (2143832).

Patch Download and Installation

Download the ESXi600-201703003 Offline Bundle from VMware Downloads.
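
A pre-flight check for the steps above, added here as an example (not VMware's code): it confirms that the host build is one of those listed under Deployment Considerations and that the downloaded bundle matches both published digests. It assumes the build string has the `build-<number>` form printed by `vmware -v`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks before installing ESXi600-201703003.zip.
# Digests and build numbers below are copied from this article.
EXPECTED_MD5="e94ea799389d838de5a106d467d59287"
EXPECTED_SHA1="0829c9821992411dba8964768c13e1c05c3a325f"
# Builds listed under "Deployment Considerations".
APPLICABLE_BUILDS="3620759 3825889 4192238 4510822 4600944"

# extract_build <version string>: print the number after "build-", or
# nothing if the string has no such field (assumed `vmware -v` format).
extract_build() {
    printf '%s\n' "$1" | sed -n 's/.*build-\([0-9][0-9]*\).*/\1/p'
}

# build_is_listed <build>: succeed only if the build is in the article's list.
build_is_listed() {
    for b in $APPLICABLE_BUILDS; do
        [ "$b" = "$1" ] && return 0
    done
    return 1
}

# verify_bundle <file>: return 2 if the file is missing, 0 only if BOTH
# published digests match, 1 on any mismatch.
verify_bundle() {
    [ -f "$1" ] || return 2
    md5=$(md5sum "$1" | awk '{print $1}')
    sha1=$(sha1sum "$1" | awk '{print $1}')
    [ "$md5" = "$EXPECTED_MD5" ] && [ "$sha1" = "$EXPECTED_SHA1" ]
}

# Run as: sh preflight.sh ESXi600-201703003.zip "$(vmware -v)"
if [ "$#" -eq 2 ]; then
    build=$(extract_build "$2")
    build_is_listed "$build" || {
        echo "build '$build' is not in the article's list" >&2; exit 1; }
    verify_bundle "$1" || {
        echo "digest mismatch or missing file: $1" >&2; exit 1; }
    echo "OK: build $build is listed and both digests match"
fi
```

MD5 and SHA-1 catch a corrupted or truncated download but are not collision-resistant, so the check complements, rather than replaces, fetching the bundle from VMware Downloads over an authenticated session.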
 
ESXi hosts can be updated by the following methods:
Note: After patching ESXi 6.0 hosts with VMware ESXi 6.0, Patch Release ESXi600-201703003, any future upgrade must be to release ESXi600-201703001 or higher to prevent the issues from being reintroduced into the environment.

Additional Information

Reference for VMware ESXi 6.0, Patch ESXi600-201703403-SG: Updates esx-base, vsan, vsanhealth