VMware ESX Server 2.1.3 Upgrade Patch 6 (for 2.1.3 Systems Only)

Released 5/15/07

TAR File

This document contains the following information:

• Resolved Issues
• Security Issues
• Applicability
• Installing the Update

Resolved Issues

This patch addresses the following issues:

• This patch includes updated tzdata RPM, which provides time zone rule updates for the following regions:
  • Pulaski County, Indiana, is switching from CST/CDT to EST/EDT on 3/11.
  • Turkey switches at 01:00 standard time, not at 01:00 UTC.
  • Updated Bahamas time zone with 2007 US DST change compliance.
  • Added new zone Australia/Eucla.
  • Atlantic/Faeroe time zone is renamed to Atlantic/Faroe.
  • Latitude/longitude changes for Europe/Jersey and Europe/Podgorica NOTE: Europe Jersey and Podgorica time zones no longer observe daylight saving; the DST roll-forward on 3/25/07 and roll-back on 10/28 rules have been removed.
  • Cuba has ended its three years of permanent DST NOTE: time change rule on 10/28/07 has been removed.

• This patch provides an additional RPM (tzdata-update-1.1-1vmw) which includes a solution to ensure updated time zone rules are reflected with /etc/localtime.

Security Issues

Please refer to KB 1107 for VMware product security alerts. This patch addresses the following security issues:

• Some VMware products support storing configuration information in VMware system files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of-Service attack on guest operating systems. Thanks to Per-Fredrik Pollnow and Mikael Janers technical security consultants at SunGard iXsecurity for identifying this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-1877 to this issue.
• A possible security issue may allow local users to cause a denial of service via a userspace process that issues a USB Request Block to a USB device and terminates before the URB is finished, which could lead to a stale pointer reference. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-3055 to this issue.
• Virtual machines can be put in various states of suspension, as specified by the ACPI power management standard. When returning from a sleep state (S2) to the run state (S0), the virtual machine process (VMX) collects information about the last recorded running state for the virtual machine. Under some circumstances, VMX read state information from an incorrect memory location. This issue could be used to complete a successful Denial-of-Service attack where the virtual machine would need to be rebooted. Thanks to Tavis Ormandy of Google for identifying this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1337 to this issue.
• Some VMware products managed memory in a way that failed to gracefully handle some general protection faults (GPFs) in Windows guest operating systems. A malicious user could use this vulnerability to crash Windows virtual machines. While this vulnerability could allow an attacker to crash a virtual machine, we do not believe it was possible to escalate privileges or escape virtual containment. Thanks to Rubén Santamarta of Reversemode for identifying this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1069 to this issue.
• The sort_offline function for texindex in texinfo 4.8 and earlier could allow local users to overwrite arbitrary files via a symlink attack on temporary files. Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier could allow local users to execute arbitrary code via a crafted Texinfo file. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2005-3011 and CVE-2006-4810 to this issue.

Applicability

This patch is an ESX Server 2.1.3 patch. Please make sure that ESX Server 2.1.3 build 22983 or later is installed before applying the patch. Run vmware -v to display version and build information for your system.

Installing the Update

Note: VMware recommends backing up your ESX Server installation before installing this patch. Also, a minimum of 350 MB of temporary free space on "/" filesystem is required for installing this patch.

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

1. Power off all virtual machines.
2. Restart your system.
3. At the LILO Boot Menu, select linux-up.
4. Log in as root into the ESX Server service console, in Linux mode.
5. Download the tar file into the temporary directory under /root on your ESX Server service console.
6. Change your working directory to that directory.
7. Verify the integrity of the package:
   # md5sum esx-2.1.3-44407-upgrade.tar.gz

   The md5 checksum output should match the following:
   2dfc6aca32c77d673b0f7a1295ad7609 esx-2.1.3-44407-upgrade.tar.gz

8. Extract the compressed tar archive:
   # tar -xvzf esx-2.1.3-44407-upgrade.tar.gz
9. Change to the newly created directory:
   # cd esx-2.1.3-44407-upgrade
10. Run the installer:
    # ./upgrade.pl
11. The system updates have now been installed. A reboot prompt displays:
    Reboot the server now [y/n]?

This update will not be complete until you reboot the ESX Server. If you enter N, to indicate that you will not reboot at this time, ESX Server displays the warning message "Please reboot the server manually. Your virtual machines will not run properly until this is done." If you see this message, you must manually reboot the server to complete the driver update.

12. At the reboot prompt, enter Y to reboot the server.