VMware ESXi 6.5, Patch Release ESXi650-201712103-SG: Updates esx-ui VIB
Article ID: 345516
Updated On:
Products
VMware
Issue/Introduction
Release date: December 19, 2017
| Patch Category | Security |
| Patch Severity | Important |
| Host Reboot Required | No |
| Virtual Machine Migration or Shutdown Required | No |
| Affected Hardware | N/A |
| Affected Software | N/A |
| VIBs Included |
|
| PRs Fixed | 1978164 |
| Related CVE numbers | CVE-2017-4940 |
Resolution
Summaries and Symptoms
This patch updates the esx-ui VIB to resolve the following issue:
-
This release resolves a vulnerability in the ESXi Embedded Host Client that might allow for stored cross-site scripting (XSS). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4940 to this issue.
Patch Download and Installation
The typical way to apply patches to ESXi hosts is through the VMware vSphere Update Manager. For details, see the Installing and Administering VMware vSphere Update Manager.ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command. For details, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.
Feedback
Yes
No
Powered by
