VMware

VMware ESX Server 1.5.2 Patch 5 Security Update


Released 1/28/04

TAR File

This patch includes a new update for ESX Server 1.5.2 Patch 5 and addresses vulnerabilities in the Linux kernel. It includes a new update for ESX Server 1.5.2 Patch 5 and addresses the following security vulnerabilities in the Linux kernel.

ISSUE 1: A security bug has been discovered in the Linux kernel within the sbrk() function. A user could execute the sbrk() system call with invalid values and cause the kernel to map its memory into the user application. Details on this advisory are available at: http://www.kb.cert.org/vuls/id/301156

ISSUE 2: A security vulnerability due to a flaw in bounds checking in mremap() in the Linux kernel may allow a local attacker to gain root privileges. Details on this advisory are available at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985

Note: This update only works if you have ESX Server 1.5.2 Patch 5 build 5835. Please make sure that this build is installed before applying the patch.

Installing the Update

This update will require a reboot of your ESX server to take effect. You must shutdown your virtual machines before installing the patch.

  1. Log in as root into the ESX Server 1.5.2 Patch 5 service console.

  2. Your path variable should contain /usr/bin:/bin.

  3. Download the tar file into the temporary directory /tmp, on your ESX service console.

  4. Change directories to /tmp:
    cd /tmp

  5. Verify the integrity of the package:
    md5sum esx152_update_6994.tar.gz

    The md5 checksum output should match the following:
    049c891d74ba7f2045778493c7b76ae6 esx152_update_6994.tar.gz

  6. Extract the compressed tar archive:
    tar -xvzf esx152_update_6994.tar.gz

  7. Change directories to the newly created directory, /tmp/esx152_update_6994:
    cd esx152_update_6994

  8. Run the driver installer:
    /usr/bin/perl ./esx6994update.pl

  9. The drivers are now updated. A reboot prompt displays:
    Reboot the server now [y/n]?

    This update will not be complete until you reboot the ESX Server. If you enter N, to indicate that you will not reboot at this time, ESX Server displays the warning message "Please reboot the server manually for this update to take effect. Update has been terminated unexpectedly." If you see this message, you must manually reboot the server to complete the driver update.

  10. At the reboot prompt, enter Y to reboot the server.