VMware ESXi 6.0, Patch Release ESXi600-201703002

Article ID: 334755

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

ESXi 6.0 Update 1 or patches based on ESXi 6.0 Update 1 require an update to resolve critical security issues CVE-2017-4903 and CVE-2017-4904 and moderate security issue CVE-2017-4905. These issues are documented in VMware Security Advisory VMSA-2017-0006.

This patch addresses these issues.

Release Date: Mar 28, 2017

Download Filename: ESXi600-201703002.zip

Build: 5251621

Download Size: 357.7 MB

md5sum: c63251197ef179b745de3cf109e11e94

sha1sum: 4a7ea1cc359b3ea64a77b599e1dfbf9ac9445962

Host Reboot Required: Yes

Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID | Category | Severity
ESXi600-201703402-SG | Security | Critical


Image Profiles

Image Profile Name
  • ESXi-6.0.0-20170304002-standard
  • ESXi-6.0.0-20170304002-no-tools



Environment

VMware vSphere ESXi 6.0

Resolution

Summaries and Symptoms

This patch updates the esx-base VIB to resolve these issues:
  • ESXi has uninitialized stack memory usage in SVGA. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4903 to this issue.
  • The ESXi XHCI controller has uninitialized memory usage. This issue may allow a guest VM to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4904 to this issue.
  • ESXi has uninitialized memory usage. This issue may lead to an information leak. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4905 to this issue.

Deployment Considerations

Apply this patch to these ESXi hosts:
  • update-from-esxi6.0-6.0_update01.zip or Build #3029758 - Released on 10/09/15
  • ESXi600-201510001.zip or Build #3073146 - Released on 06/10/15
  • ESXi600-201511001.zip or Build #3247720 - Released on 26/11/15
  • ESXi600-201601001.zip or Build #3380124 - Released on 07/01/16
  • ESXi600-201602001.zip or Build #3568940 - Released on 23/02/16

Patch Download and Installation

Download the ESXi600-201703002 Offline Bundle from VMware Downloads.
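
A pre-installation check, added here as an example and not VMware's own tooling: it compares a downloaded bundle against the md5sum and sha1sum published on this page and classifies a host build against the builds listed under Deployment Considerations. The function names and the `build-<number>` form assumed for `vmware -v` output are assumptions of this example.

```python
import hashlib
import re
import sys

PUBLISHED = {  # digests this page publishes for ESXi600-201703002.zip
    "md5": "c63251197ef179b745de3cf109e11e94",
    "sha1": "4a7ea1cc359b3ea64a77b599e1dfbf9ac9445962",
}
PATCH_BUILD = 5251621  # build number of this patch release
# Builds listed on this page under "Apply this patch to these ESXi hosts"
APPLICABLE_BUILDS = {3029758, 3073146, 3247720, 3380124, 3568940}


def file_digests(path, algorithms=("md5", "sha1"), chunk=1 << 20):
    """Read the file once in chunks and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def bundle_matches(path, expected=PUBLISHED):
    """True only if every expected digest matches the file on disk."""
    actual = file_digests(path, tuple(expected))
    return all(actual[name] == value.lower() for name, value in expected.items())


def host_build(version_output):
    """Pull the build number out of `vmware -v` output (assumed 'build-<n>')."""
    match = re.search(r"build-(\d+)", version_output)
    if match is None:
        raise ValueError("no build number in: %r" % version_output)
    return int(match.group(1))


def patch_status(build):
    """Classify a host build against the builds named on this page."""
    if build == PATCH_BUILD:
        return "already-patched"
    return "apply-patch" if build in APPLICABLE_BUILDS else "not-listed"


if __name__ == "__main__":
    bundle, version = sys.argv[1], sys.argv[2]
    if not bundle_matches(bundle):
        sys.exit("digest mismatch: do not install this bundle")
    print(patch_status(host_build(version)))
```

Run it with the path to the downloaded bundle and the quoted output of `vmware -v` from the host; a result of `not-listed` means the build is not one this page names and needs checking by hand.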

ESXi hosts can be updated by the following methods:

Note: After patching ESXi 6.0 hosts with VMware ESXi 6.0, Patch Release ESXi600-201703002, the future upgrade path needs to be to release ESXi600-201703001 and higher to prevent the issue from being reintroduced to the environment.