VMware

VMware ESX Server 2.5.4 Upgrade Patch 5 (for 2.5.4 Systems Only)

Released 2/28/07

TAR File

What's New

Added support for the following servers:

  • Dell PowerEdge 6950

Resolved Issues

This patch addresses the following issues:

  • This patch fixes an issue where a virtual machine may hang when it makes continuous I/O operations on service console dedicated devices, such as CD-ROM or floppy devices.

  • This patch includes an improvement to the watchdog handler to better detect a possible network transmit hang that may cause loss of network connectivity. The watchdog timer is reduced from 5 seconds to 2 seconds to increase granularity of checking for possible transmit hang conditions.

Management Agents

  • This release includes enhancements to the Dell OpenManage installation script to provide support for future versions. In the prompt for version 5.0 or 5.2 installation, please choose 5.0 until version 5.2 is released and supported.

Security Issues

Please refer to KB 1107 for VMware product security alerts. This patch addresses the following security issues:

  • This update includes updated gzip packages that fix several security issues. Tavis Ormandy of the Google Security Team discovered two denial of service flaws and several code execution flaws in the way gzip expanded archive files. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, and CVE-2006-4338 to these issues.
  • A possible security issue with integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server may allow local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which could lead to a heap-based buffer overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3739 to this issue.
  • A possible security issue with integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server may allow local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3740 to this issue.
  • A possible security issue with GNU tar 1.16 and 1.15.1, and possibly other versions, may allow user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-6097 to this issue.

Applicability

This patch is an ESX Server 2.5.4 patch. Please make sure that ESX Server 2.5.4 build 32233 or later is installed before applying the patch. Run vmware -v to display version and build information for your system.

Note: For the IBM X460 server, please follow the instructions in KB article 8949128 to boot the server into maintenance mode before applying the patch.

Installing the Update

Note: VMware recommends backing up your ESX Server installation before installing this patch. Also, a minimum of 350 MB of temporary free space on the "/" filesystem is required for installing this patch.

This update requires you to boot your server into Linux mode to perform the upgrade. When you are prompted to reboot at the end of the upgrade, the installer will restart your system to run ESX Server.

  1. Power off all virtual machines.
  2. Restart your system.
  3. At the LILO Boot Menu, select the option appropriate for your system.
    • For a boot-from-SAN installation, select esx-san-safe.
    • For all other installations, select linux-up.
  4. Log in as root into the ESX Server service console, in Linux mode.
  5. Download the tar file into the temporary directory under /root on your ESX Server service console.
  6. Change your working directory to that directory.
  7. Verify the integrity of the package:
    # md5sum esx-2.5.4-39751-upgrade.tar.gz

    The md5 checksum output should match the following:
    70006981fcdc6708bc08515400855a68  esx-2.5.4-39751-upgrade.tar.gz

  8. Extract the compressed tar archive:
    # tar -xvzf esx-2.5.4-39751-upgrade.tar.gz
  9. Change to the newly created directory:
    # cd esx-2.5.4-39751-upgrade
  10. Run the installer:
    # ./upgrade.pl
  11. The system updates have now been installed. A reboot prompt displays:
    Reboot the server now [y/n]?
  12. This update will not be complete until you reboot the ESX Server. If you enter N, to indicate that you will not reboot at this time, ESX Server displays the warning message "Please reboot the server manually. Your virtual machines will not run properly until this is done." If you see this message, you must manually reboot the server to complete the driver update.

  13. At the reboot prompt, enter Y to reboot the server.
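
The prerequisites and the integrity check from the steps above, gathered into one pre-flight script. This is an added example, not part of VMware's release notes or installer. The function names and the "build-NNNNN" form of the vmware -v output are assumptions; the build number, free-space figure, file name and checksum are the ones stated on this page.

```shell
#!/bin/sh
# Pre-flight checks before extracting and running the upgrade (added example).
# Values taken from this page:
MIN_BUILD=32233                 # ESX Server 2.5.4 build required before patching
MIN_FREE_KB=$((350 * 1024))     # 350 MB of temporary free space on "/"
PKG=esx-2.5.4-39751-upgrade.tar.gz
PKG_MD5=70006981fcdc6708bc08515400855a68

# build_ok "<vmware -v output>": succeeds for a 2.5.4 system at MIN_BUILD or later.
# Assumption: the output names the version and contains "build-NNNNN" or "build NNNNN".
build_ok() {
    case "$1" in *2.5.4*) ;; *) return 1 ;; esac
    build=$(printf '%s\n' "$1" | sed -n 's/.*build[- ]\([0-9][0-9]*\).*/\1/p')
    [ -n "$build" ] && [ "$build" -ge "$MIN_BUILD" ]
}

# space_ok <free KB on />: succeeds if at least 350 MB is available.
space_ok() {
    [ "$1" -ge "$MIN_FREE_KB" ]
}

# md5_ok <file> <expected md5>: succeeds only if the file exists and its digest matches.
md5_ok() {
    [ -f "$1" ] || return 1
    actual=$(md5sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# preflight: run all three checks against the live system and report every failure.
preflight() {
    rc=0
    build_ok "$(vmware -v 2>/dev/null)" ||
        { echo "FAIL: ESX Server 2.5.4 build $MIN_BUILD or later is required"; rc=1; }
    space_ok "$(df -Pk / | awk 'NR==2 {print $4}')" ||
        { echo "FAIL: less than 350 MB free on /"; rc=1; }
    md5_ok "$PKG" "$PKG_MD5" ||
        { echo "FAIL: $PKG is missing or its md5 checksum does not match"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: proceed to extract the archive and run ./upgrade.pl"
    return "$rc"
}

# Only touch the system when asked to: sh preflight.sh --run
case "${1:-}" in --run) preflight ;; esac
```

Run it with --run from the directory that holds the downloaded tar file, after booting into Linux mode; a non-zero exit status means the archive should not be extracted yet.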