VMware

VMware ESX Server 2.5.3 Upgrade Patch 4 (for 2.5.3 Systems Only)

Released 10/31/06

TAR File

Resolved Issues

This patch addresses the following issues:

  • This patch includes an update that allows support for Microsoft Clustering Service (MSCS) in Windows 2003 Service Pack 1 (SP1) with VMware ESX Server. For more information, refer to KB article 2021.
  • USB modules are not loaded after reboot when ESX Server is installed with the /usr file system on a separate partition.
  • This patch includes a fix for a problem that caused Red Hat Enterprise Linux 3 U5 virtual machines to hang.

Security Fixes

Please refer to KB 1107 for VMware product security alerts. This patch addresses the following security issues:

  • OpenSSH -- A bug was found in the way the OpenSSH server handled the MaxStartups and LoginGraceTime configuration variables. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2004-2069 to this issue.
  • samba -- A denial of service bug was found in the way the smbd daemon tracks active connections to shares. It was possible for a remote attacker to cause the smbd daemon to consume a large amount of system memory by sending carefully crafted SMB requests. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3403 to this issue.
  • ucd-snmp -- A denial of service bug was found in the way ucd-snmp uses network stream protocols. A remote attacker could send a ucd-snmp agent a specially crafted packet which will cause the agent to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2005-2177 to this issue.
  • XFree86 -- An integer overflow flaw in the way the XFree86 server processes PCF files was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3467 to this issue.

  • Python -- An integer overflow flaw was found in Python's PCRE library that could be triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-2491 to this issue.
  • This patch addresses the following additional security issues:

    • An AMD fxsave/restore security vulnerability. The instructions fxsave and fxrstor on AMD CPUs are used to save or restore the FPU registers (FOP, FIP and FDP). On AMD Opteron Processors, these instructions do not save/restore some exception-related registers unless an exception is currently being serviced. This can lead to a security hole that allows local attackers to monitor the execution path of FPU processes, possibly allowing them to obtain sensitive information being passed through those processes (CVE-2006-1056).
    • A minor info leak in socket name handling in the network code (CVE-2006-1342).
    • A minor info leak in socket option handling in the network code (CVE-2006-1343).
    • A directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences (CVE-2006-1864).
    • A flaw in the mprotect system call that allowed write permission to be given to a read-only attachment of shared memory (CVE-2006-2071).

Applicability

This patch is an ESX Server 2.5.3 patch. Please make sure that ESX Server 2.5.3 build 22981 is installed before applying the patch. Run vmware -v to display version and build information for your system.

Important Notes

Please DO NOT apply this patch on SunFire X4100 or X4200 servers. For further details, please refer to knowledge base article 2085: Installing ESX 2.5.3 on SunFire x4100 and x4200 Servers.

Red Hat released a kernel security update for Red Hat Enterprise Linux 4.0 Update 2 that does not include the BusLogic driver. To install the BusLogic driver for this security update, please download the RPM bundle for the BusLogic driver and install it according to the instructions on that page.

Installing the Update

Note: VMware recommends backing up your ESX Server installation before installing this patch. Also, a minimum of 200 MB of temporary free space on the "/" filesystem is required for installing this patch.

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

  1. Power off all virtual machines.
  2. Restart your system.
  3. At the LILO Boot Menu, select the option appropriate for your system.
    • For a boot-from-SAN installation, select esx-san-safe.
    • For all other installations, select linux-up.
  4. Log in as root into the ESX Server service console, in Linux mode.
  5. Download the tar file into the temporary directory /tmp on the service console.
  6. Change directories to /tmp.
  7. Verify the integrity of the package:
    # md5sum esx-2.5.3-32134-upgrade.tar.gz

    The md5 checksum output should match the following:
    4852f5a00e29b5780d9d0fadc0d28f3e esx-2.5.3-32134-upgrade.tar.gz

  8. Extract the compressed tar archive:
    # tar -xvzf esx-2.5.3-32134-upgrade.tar.gz
  9. Change to the newly created directory:
    # cd esx-2.5.3-32134-upgrade
  10. Run the installer:
    # ./upgrade.pl
  11. The system updates have now been installed. A reboot prompt displays:
    Reboot the server now [y/n]?
  12. This update will not be complete until you reboot the ESX Server. If you enter N, to indicate that you will not reboot at this time, ESX Server displays the warning message "Please reboot the server manually. Your virtual machines will not run properly until this is done." If you see this message, you must manually reboot the server to complete the driver update.

  13. At the reboot prompt, enter Y to reboot the server.