VMware

VMware ESX Server 2.5.5 Upgrade Patch 12 (for 2.5.5 Systems Only)

Released 2/26/09

TAR File

This document contains the following information:

Security Issues

Refer to the VMware Security Center for regular updates to the VMware Security Advisories.
This patch updates the service console to resolve the following security issues:

  • An integer overflow flaw found in the libxml2 XML parser causes a heap-based buffer overflow. If an application using libxml2 processes untrusted or malformed XML content, the application might stop responding or start executing arbitrary code.
    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4226 to this issue.
  • A denial-of-service flaw was found in the libxml2 XML parser. If an application using libxml2 processes untrusted or malformed XML content, the application might enter an infinite loop.
    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4225 to this issue.
  • A heap-based buffer overflow was found in the way the GNU ed line editor processes long file names. If a file created with a specially crafted name is opened in the ed editor, the file might execute arbitrary code.
    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3916 to this issue.
  • This patch improves data collection when the vm-support script is run by the ESX administrator at the request of VMware support or its support partners. The file that contains the SSL keys for communication between ESX and VC and other applications is no longer collected. For more information, refer to Data Security Best Practices - SSL keys for communicating with VirtualCenter and other applications (KB 1008166).

Resolved Issues

  • This patch revises time zone rules in the ESX Server service console by updating the tzdata package. The new time zone rules reflect the Daylight Saving Time (DST) in the following countries:

    • Brazil, where the dates on which DST is observed have changed.
    • Argentina, where some of the provinces no longer observe DST.
  • Resolves an issue where connecting an unsupported USB HID to an ESX Server host might occasionally cause an extraneous message similar to the following to appear:
    -keyboard.c: can't emulate rawmode for key code 272

Applicability

This patch is an ESX Server 2.5.5 patch. Ensure that ESX Server 2.5.5 build 57619 or higher is installed before applying the patch. Run vmware -v to see the version and build information for your system.

Installing the Update

Note: Back up your ESX Server installation before installing this patch. Also, a minimum of 350MB of temporary free space on the "/" file system is required for installing this patch.

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

  1. Power off all virtual machines.
  2. Restart your system.
  3. At the LILO Boot Menu, select the option appropriate for your system.
    • For a boot-from-SAN installation, select esx-san-safe.
    • For all other installations, select linux-up.
  4. Log in as root to the ESX Server service console.
  5. Download the tar file into a temporary directory under /root on your ESX Server service console.
  6. Change your working directory to that directory.
  7. Verify the integrity of the package:
    # md5sum esx-2.5.5-142709-upgrade.tar.gz

    The md5 checksum output should match the following:
    2a0bd5cc3591b1f6b04616fa2c97f78c esx-2.5.5-142709-upgrade.tar.gz

  8. Extract the compressed tar archive:
    # tar -xvzf esx-2.5.5-142709-upgrade.tar.gz
  9. Change to the newly created directory:
    # cd esx-2.5.5-142709-upgrade
  10. Run the installer:
    # ./upgrade.pl
  11. The system updates have now been installed. A reboot prompt is displayed:
    Reboot the server now [y/n]?

    This update will not be complete until you reboot the ESX Server host. If you enter n to indicate that you will not reboot the server at this time, ESX Server displays the warning message: Please reboot the server manually. Your virtual machines will not run properly until this is done. If you see this message, you must manually reboot the server to complete the upgrade.

  12. At the reboot prompt, enter y to reboot the server.
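
The prerequisites stated above (2.5.5 build 57619 or higher, 350MB free on "/", matching md5 checksum) can be checked in one pass before extracting the archive. The script below is an added example, not part of the VMware release notes or the patch; the function names and the `--check` argument are hypothetical, and it assumes `vmware -v` prints a line of the form `VMware ESX Server 2.5.5 build-57619`.

```shell
#!/bin/sh
# Added example: pre-flight checks for the upgrade procedure on this page.
# Package name, checksum, build number and free-space figure are copied from the page.
PKG=esx-2.5.5-142709-upgrade.tar.gz
PKG_MD5=2a0bd5cc3591b1f6b04616fa2c97f78c
MIN_BUILD=57619
MIN_FREE_KB=$((350 * 1024))

# build_ok "<output of vmware -v>"
# Assumption: the output names "ESX Server 2.5.5" and carries a "build-<number>" token.
build_ok() {
    case "$1" in *"ESX Server 2.5.5"*) ;; *) return 1 ;; esac
    build=$(printf '%s\n' "$1" | sed -n 's/.*build-\([0-9][0-9]*\).*/\1/p')
    [ -n "$build" ] && [ "$build" -ge "$MIN_BUILD" ]
}

# space_ok <free kilobytes on />; rejects empty or non-numeric input
space_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$MIN_FREE_KB" ]
}

# md5_ok <file> <expected hex digest>; a missing file counts as a failure
md5_ok() {
    [ -f "$1" ] || return 1
    actual=$(md5sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# Run all three checks in the order the page lists them; stop at the first failure.
preflight() {
    build_ok "$(vmware -v 2>/dev/null)" ||
        { echo "FAIL: need ESX Server 2.5.5 build $MIN_BUILD or higher"; return 1; }
    space_ok "$(df -kP / | awk 'NR==2 {print $4}')" ||
        { echo "FAIL: less than 350MB free on /"; return 1; }
    md5_ok "$PKG" "$PKG_MD5" ||
        { echo "FAIL: md5 mismatch for $PKG"; return 1; }
    echo "OK: checks passed for $PKG"
}

# Checks run only when requested, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then preflight; fi
```

A matching MD5 sum only shows that the file was not corrupted in transit; MD5 is not collision-resistant and is not a substitute for a signature.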