VMware

Download Bundle ESX-5754280 for VMware ESX Server 3.0.0


 

Released 3/29/07

 

Security Fixes

This bundle is a group of patches to resolve two possible security issues. They are as follows:

  • An internal security audit revealed a double free condition. It may be possible for an attacker to influence the operation of the system. In most circumstances, this influence will be limited to denial of service or information leakage, but it is theoretically possible for an attacker to insert arbitrary code into a running program. This code would be executed with the permissions of the vulnerable program. There are no known exploits for this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1270 to this issue.

  • An internal security audit revealed a potential buffer overflow condition. There are no known vulnerabilities, but such vulnerabilities may be used to elevate privileges or to crash the application and thus cause a denial of service.

The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1271 to this issue.

The following patches are contained within this bundle:

  • ESX-131737
  • ESX-1870154
  • ESX-392718
  • ESX-4197945
  • ESX-4921691
  • ESX-5752668
  • ESX-7052426
  • ESX-9976400
Note: All the patches in this bundle must be applied for the security fixes described above to be complete.

Applicability

The patches in this bundle are for ESX Server 3.0.0 only. For the related bundle for ESX Server 3.0.1, please refer to http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html .

View KB 5754280 for more information.

Download Instructions

Download and verify the patch bundle as follows :

  1. Download patch ESX-5754280 by clicking on the Download Now button above .
  2. Log into the ESX Server service console as root.
  3. Create a local depot directory.

    # mkdir /var/updates

    Note: VMware recommends that you use the updates directory.

  4. Change your working directory to /var/updates.

    # cd /var/updates

  5. Download the tar file into the /var/updates directory.
  6. Verify the integrity of the downloaded tar file:

    # md5sum ESX-5754280.tgz

  7. The md5 checksum output should match the following:

    82b3c7e18dd1422f30c4aa9e477c6a27 ESX-5754280.tgz

  8. Extract the compressed tar archive:

    # tar -xvzf ESX-5754280.tgz

  9. Change to the newly created directory, /var/updates/ESX-5754280:

    # cd ESX-5754280

Installation Instructions

For ESX Server versions 3.x, patches are installed using the esxupdate utility on the ESX Server host. This patch bundle makes use of esxupdate and a script that helps you to install multiple patches. With the script, you may still choose to install all or only a few of the patches contained within the bundle, or you might choose to use the esxupdate without the script. For installation instructions for each method, please see the following sections.

For more information on using esxupdate, please refer to the Patch Management for ESX Server 3 tech note at http://www.vmware.com/pdf/esx3_esxupdate.pdf.

Note: All virtual machines on the host must be either shut down or migrated using VMotion before applying the patch. A reboot of the ESX Server Host is not required.

Installing the Patches Using The install_patches Script

Install all the patch updates using the install_patches script command provided in the patch tar file.  The install_patches script will help prompt you to decide if you want to apply All or Some Patch Bundles. Once you have downloaded and extracted the archive, and if you are in the directory you created above, start the script as follows:

# ./install_patches

When the script has completed all of the patch installations, it will prompt you whether or not you want to reboot the ESX Server host.

Installing the Patches Individually Using esxupdate

Once you have downloaded and extracted the archive, if you are in the bundle's main directory, you will need to change to the directory of the patch you want to install as follows:

# cd ESX-xxxxxx

The full path will now be something like /var/updates/ESX-5754280/ESX-xxxxxx, where ESX-xxxxxx is the patch number you want to install. To install the update, issue the following command:

# esxupdate update

If you want to run esxupdate from a different directory, you must specify the path in the command:

# esxupdate -r file://<directory>/ESX-xxxxxx update

For example, if the host is called depot:

# esxupdate –r file:///depot/var/updates/ESX-xxxxxx update

During the update process, logs appear on the terminal. You can specify the verbosity of esxupdate logs by using the -v option as shown below.

# esxupdate -v 10 file://<directory>/ESX-xxxxxx update