Apply the security fix
To upgrade the embedded Jetty Web server, do the following:
- Log in as an administrator to the machine on which the Update Manager server is installed.
- Download VUM-KB-1023962.exe from Customer Connect to a local directory.
- (Optional) Verify that the MD5 or SHA1 checksum of the downloaded file matches one of the following:
  - MD5SUM: 1140cb4f897f8f63d780068f480dac4e
  - SHA1SUM: d5f67eba67bda001bfc2b52c9b1a53d6757b7199
  For more information on verifying the checksum match, see Using Cryptographic Hashes.
- To run the security fix, double-click VUM-KB-1023962.exe.
- On the welcome page of the wizard, click Next.
- To accept the EULA and start the upgrade, click I Agree.
- (Optional) To view the log messages, click Show details.
- When the upgrade completes, click Close.
- Verify that Jetty is upgraded to version 6.1.22.
  - In a command prompt, navigate to the <Update_Manager_installation_folder>\jetty-6.1.6\ directory.
    - The default path to the installation folder in 32-bit Windows is C:\Program Files\VMware\Infrastructure\Update Manager
    - The default path to the installation folder in 64-bit Windows is C:\Program Files (x86)\VMware\Infrastructure\Update Manager
  - Run the command for checking the current Jetty version.
    - To view the current Jetty version in Update Manager 4.1, Update Manager 4.0, and the subsequent update releases, run the following command:
      ..\jre\bin\java -jar start.jar --version
    - To view the current Jetty version in Update Manager 1.0 Update 6, run the following command:
      ..\jre-1.5.0-16\bin\java -jar start.jar --version
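The optional checksum step in the procedure above can be scripted in PowerShell on the Update Manager server. This is an added example, not part of the original article or VMware's tooling; it checks both published digests rather than only one, and it assumes the download was saved as VUM-KB-1023962.exe in the current directory.

```powershell
# Added example (not VMware code). The expected digests are the values
# published in this article for VUM-KB-1023962.exe.
$Expected = @{
    MD5  = '1140cb4f897f8f63d780068f480dac4e'
    SHA1 = 'd5f67eba67bda001bfc2b52c9b1a53d6757b7199'
}

function Get-FileDigest {
    param([string]$Path, [string]$Algorithm)
    # Use the .NET classes directly so this also works on hosts without Get-FileHash.
    if ($Algorithm -eq 'MD5') {
        $hasher = [System.Security.Cryptography.MD5]::Create()
    } else {
        $hasher = [System.Security.Cryptography.SHA1]::Create()
    }
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $hasher.ComputeHash($stream)   # hashes from the stream, no full read into memory
    } finally {
        $stream.Close()
        $hasher.Clear()
    }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

function Test-PatchDownload {
    param([string]$Path)
    # Resolve to a full path: .NET file APIs ignore PowerShell's current location.
    $full = (Get-Item -LiteralPath $Path -ErrorAction Stop).FullName
    $ok = $true
    foreach ($alg in 'MD5', 'SHA1') {
        $actual = Get-FileDigest -Path $full -Algorithm $alg
        if ($actual -ne $Expected[$alg]) {
            Write-Warning "$alg mismatch: expected $($Expected[$alg]), got $actual"
            $ok = $false
        }
    }
    return $ok
}

# Assumed file name and location: the download saved in the current directory.
if (Test-PatchDownload -Path '.\VUM-KB-1023962.exe') {
    Write-Output 'MD5 and SHA1 both match the published values.'
} else {
    Write-Error 'Checksum mismatch: do not run this file; download it again.'
}
```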
Reapplying the security fix after upgrading Update Manager
If you apply the security fix and then upgrade to a newer version of Update Manager that also contains the security flaws, you might need to reapply the fix.
Note: Before reapplying the fix, verify that your upgraded Update Manager installation contains the security flaws. All affected versions are listed at the top of this page.
Reapply the security fix after you perform these upgrades:
- Upgrade from Update Manager 1.0 Update 6 to any version up to Update Manager 4.0 Update 2.
- Upgrade from Update Manager 4.0 to any version up to Update Manager 4.0 Update 2.
- Upgrade from Update Manager 4.0, 4.0 Update 1, 4.0 Update 1 Patch 1, 4.0 Update 1 Patch 2, or 4.0 Update 2 to Update Manager 4.1.
To reapply the fix:
- After upgrading Update Manager to any of the preceding versions, check the Jetty version.
  - In a command prompt, navigate to the <Update_Manager_installation_folder>\jetty-6.1.6\ directory.
    - The default path to the installation folder in 32-bit Windows is C:\Program Files\VMware\Infrastructure\Update Manager
    - The default path to the installation folder in 64-bit Windows is C:\Program Files (x86)\VMware\Infrastructure\Update Manager
  - Run the command for checking the current Jetty version.
    - To view the current Jetty version in Update Manager 4.1, Update Manager 4.0, and the subsequent update releases, run the following command:
      ..\jre\bin\java -jar start.jar --version
    - To view the current Jetty version in Update Manager 1.0 Update 6, run the following command:
      ..\jre-1.5.0-16\bin\java -jar start.jar --version
- If the Jetty version is 6.1.6, reapply the fix by using the procedure in the Apply the security fix section.
Reapplying the security fix might result in an error message if an old Jetty registry key is present on the machine
If your Jetty version is 6.1.6 and you reapply the security fix after an upgrade of Update Manager, an error message might appear. The error message reads "VMware vCenter Update Manager <version_number> does not require this patch." In such a scenario, remove the JettyVersion registry key before reapplying the fix.
- Click Start > Run, type regedit.exe, and click OK.
- Navigate to the Jetty registry key location.
  - The path in 32-bit Windows is HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Update Manager.
  - The path in 64-bit Windows is HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Update Manager.
- Delete the JettyVersion registry entry.
- Reapply the security fix.
Copyright statements and licenses
The attached open_source_license_VUM-KB-1023962.txt contains the copyright statements and license(s) that apply to various open source software components (or portions thereof) that will be made available to VMware vCenter Update Manager upon installation. Use of such open source software is pursuant to such open source license terms and your end user license agreement for VMware vCenter Update Manager.