VMware

VMware ESX Server 2.0.2 Upgrade Patch 5 (for 2.0.2 Systems Only)

Released 2/28/07

TAR File

This document contains the following information:

Security Issues

Please refer to KB 1107 for VMware product security alerts. This patch addresses the following security issues:

  • This update fixes a potential security vulnerability where the VMware Management Interface discloses the Apache Web server's version.

  • This update changes server banner display information to supress display of port number, hostname, or any other secured information.

  • This update includes updated gzip packages that fix several security issues. Tavis Ormandy of the Google Security Team discovered two denial of service flaws and several code execution flaws in the way gzip expanded archive files. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, and CVE-2006-4338 to this issue.

  • A possible security issue with integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server may allow local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which could lead to a heap-based buffer overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3739 to this issue.

  • A possible security issue with integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server may allow local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3740 to this issue.

  • A possible security issue with GNU tar 1.16 and 1.15.1, and possibly other versions, may allow user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-6097 to this issue.

Applicability

This patch is an ESX Server 2.0.2 patch. Please make sure that ESX Server 2.0.2 build 23922 or later is installed before applying the patch. Run vmware -v to display version and build information for your system.

Installing the Update

Note: VMware recommends backing up your ESX Server installation before installing this patch. Also, a minimum of 350 MB of temporary free space on "/" filesystem is required for installing this patch.

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

  1. Power off all virtual machines.
  2. Restart your system.
  3. At the LILO Boot Menu, select linux-up.
  4. Log in as root into the ESX Server service console, in Linux mode.
  5. Download the tar file into the temporary directory under /root on your ESX Server service console.
  6. Change your working directory to that directory.
  7. Verify the integrity of the package:
    # md5sum esx-2.0.2-39682-upgrade.tar.gz

    The md5 checksum output should match the following:
    23258490ad68bc3fe94c7cd30fc1aee2  esx-2.0.2-39682-upgrade.tar.gz

  8. Extract the compressed tar archive:
    # tar -xvzf esx-2.0.2-39682-upgrade.tar.gz
  9. Change to the newly created directory:
    # cd esx-2.0.2-39682-upgrade
  10. Run the installer:
    # ./upgrade.pl
  11. The system updates have now been installed. A reboot prompt displays:
    Reboot the server now [y/n]?

    12. This update will not be complete until you reboot the ESX Server. If you enter N, to indicate that you will not reboot at this time, ESX Server displays the warning message "Please reboot the server manually. Your virtual machines will not run properly until this is done." If you see this message, you must manually reboot the server to complete the driver update.

  12. At the reboot prompt, enter Y to reboot the server.