VMware ESX Server 1.5.2 Patch 4

Released 7/31/03 TAR File

Note: This patch only works on ESX Server 1.5.2 (the GA release or any patch version). Patch 4 is a cumulative patch, and includes the changes in Patch 1, 2 and 3.

Fixes Included in ESX Server 1.5.2 Patch 4

• Fix for a vulnerability that can allow a user of the host system to start an arbitrary program with root privileges. By manipulating the VMware ESX Server environment variables, a program such as a shell session with root privileges could be started when a virtual machine is launched. The user would then have full access to the host.

Installing the Patch

• Before Upgrading to ESX Server 1.5.2 Patch 4
• Upgrading from ESX Server 1.5.2 to ESX Server 1.5.2 Patch 4
• Manual Steps to Upgrade from ESX Server 1.5.2 to ESX Server 1.5.2

Before Upgrading to ESX Server 1.5.2 Patch 4
There are a few steps you should take before you install ESX Server 1.5.2 patch 4 to ensure the best possible upgrade experience.

• Resume and shut down suspended virtual machines
  If you plan to use virtual machines created under a previous version of ESX Server, be sure they have been shut down completely before you upgrade.

  If the virtual machine is suspended, resume it in the earlier release, shut down the guest operating system, then power off the virtual machine.

  If you attempt to resume a virtual machine that was suspended under a different VMware product or a different version of ESX Server, a message gives you the choice of discarding or keeping the file that stores the suspended state. To recover the suspended state, you must click Keep, then resume the virtual machine under the correct VMware product. If you click Discard, you can power on normally, but the suspended state is lost.

• Commit or discard changes to undoable disks
  If you plan to use existing virtual machines that have undoable disks, commit or discard any changes to the virtual disks before you remove the release you used to create them.

  Resume or power on the virtual machine in the earlier release, shut down the guest operating system, power off the virtual machine and either commit or discard changes to the undoable disk when prompted.

• Back up virtual machines
  As a precaution, back up the virtual machine files -- including the .dsk and .cfg files -- for any existing virtual machines you plan to migrate to ESX Server 1.5.2 patch 4.

Upgrading From ESX Server 1.5.2 to ESX Server 1.5.2 Patch 4
To upgrade from ESX Server 1.5.2 to ESX Server 1.5.2 patch 4, use the upgrade-only tar archive you downloaded from the VMware site.

Caution: The instructions in this section apply only if you are upgrading from ESX Server 1.5.2 to ESX Server 1.5.2 patch 4. If you are upgrading from ESX Server 1.0, 1.1, 1.5, or 1.5.1, then refer to the ESX Server 1.5.2 release notes.

1. Log in as root into the ESX Server Console Operating System.
2. Download the patch, esx-1.5.2-patch4.tar.gz, into a temporary directory, for example /tmp, on your ESX Console Operating System.
3. Change directories to /tmp:
   cd /tmp
4. Verify the integrity of the package:
   md5sum esx-1.5.2-patch4.tar.gz
   The output should be:
   06364a2810cf7f4ed6793a8bd8a9c171 esx-1.5.2-patch4.tar.gz
   
5. Extract the compressed tar archive:
   tar -xvzf esx-1.5.2-patch4.tar.gz
6. Change directories to the newly created directory, upgrade152p4.
   cd upgrade152p4
7. Run the patch installer.
   ./upgrade.pl
8. The patch is now installed. Reboot your ESX Server machine for the patch to take effect.

After upgrading your system, review the warnings log file. You can view it from the VMware Management Interface. Log in to the management interface as the root user. Click Configure System. Then, in the Server Management section of the page, click Log File Viewer and open the warnings file. If you see any lines that begin with SysAlert, check the VMware Knowledge Base or contact your support representative for information on how to correct the problem.

Manual Steps to Upgrade From ESX Server 1.5.2 to ESX Server 1.5.2 Patch 4
If you experience any problems with the upgrade script, you can upgrade manually by following the steps below.

1. Reboot the machine and choose linux at the LILO prompt.
2. Insert the VMware ESX Server CD and run the following commands to update the ESX Server software. mount /mnt/cdrom
   rpm -Uvh /mnt/cdrom/VMnix-*.rpm
   rpm -Uvh /mnt/cdrom/VMware-esx-*.rpm
   cd /tmp
   cp /mnt/cdrom/VMware-mui-*.tar.gz .
   tar xzf VMware-mui-*.tar.gz
   umount /mnt/cdrom
   cd /tmp/vmware-mui-distrib
   ./vmware-install.pl
3. Reboot the system by typing reboot.
4. When the system reboots, go to the configuration pages at
   http://<hostname>/vmware/config

   Go to the Configuration Settings page and click Save Options. ESX Server is configured and the VMkernel is loaded. ESX Server is now fully upgraded. You may also want to look at the other settings (NIC, security, and so on) to make sure that they still have appropriate values.

After upgrading your system, review the warnings log file. You can view it from the VMware Management Interface. Log in to the management interface as the root user. Click Configure System. Then, in the Server Management section of the page, click Log File Viewer and open the warnings file. If you see any lines that begin with SysAlert, check the VMware Knowledge Base or contact your support representative for information on how to correct the problem.