VMware releases patch for glibc vulnerability on ESXi 5.5

VMware

VMware ESXi550-201602401-SG

You may remember not to long ago, the GHOST vulnerability found in glibc, a GNU C library. Well a new glibc vulnerability (CVE-2015-7547) has been discovered and it affects VMware ESXi 5.5 and 6.0 in addition to all versions of VMware virtual appliances running Linux such as vCenter, Orchestrator, vRealize, etc.

VMware has just released patch ESXi550-201602401-SG for ESXi 5.5 and ESXi600-201602401-SG for ESXi 6.0 which fixes the glibc vulnerability, a patch for ESXi 6.0 has yet to be released. VMware has however posted workarounds for affected virtual appliances.

In addition, ESXi550-201602401-SG also fixes two other issues:

  • ESXi hosts might purple screen due to an unresponsive CPU as a result of several CMCIs within a short time. Sample purple diagnostic screen might look like the following: 
    cpu1:33127)MCE: 1118: cpu1: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.cpu1:33127)MCE: 231: cpu1: bank9: MCA recoverable error (CE): "Memory Controller Scrubbing Error on Channel 0."cpu1:33127)MCE: 222: cpu1: bank9: status=0xXXXXXXXXXXXXXXXX: (VAL=1, OVFLW=0, UC=0, EN=0, PCC=0, S=0, AR=0), ECC=no, Addr:0xXXXXXXXXXXXXXXXX (valid), Misc:0x8c3589300 (valid)
  • Resolves the issue where virtual machine vMotions would fail when trying to vMotion from an ESXi 5.0 or 5.1 host to an ESXi 5.5 U3b host.

UPDATE: VMware has released ESXi 6 patch ESXi600-201602401-SG which updates the glibc package and patches the glibc vulnerability.

A host reboot will be required to apply the ESXi patches. After applying the patch your ESXi 5.5 host should have a build number of 3568722.

Similar Posts

  • Another CBT bug found in VMware ESXi 6.0

    VMware
    0 Comments

    VMware

    VMware just published KB 2136854 regarding a new bug found in ESXi 6.0 that causes virtual machine backups, which use Changed Block Tracking (CBT), to be inconsistent. VMware says the cause of the issue is this:

    This issue occurs due to an issue with CBT in the disklib area, this causes the change tracking information of I/Os that occur during snapshot consolidation to be lost. The main backup payload data is never lost and it is always written to the backend device. However, the corresponding change tracking information entries which occur during the consolidation task are missed. Subsequent QueryDiskChangedAreas() calls do not include these missed blocks, hence a backup based on this CBT data is inconsistent.

    Read More “Another CBT bug found in VMware ESXi 6.0”

  • vSphere 5.1 Release Date leaked, maybe?

    VMware
    0 Comments

    Looks like Sammy Bogaert over at Boerlowie’s Blog has possibly found the release date of vSphere 5.1… maybe?

    I was about to download vSphere Update Manager PowerCLI 5.0.

    I followed the main site and wanted to check the documentation first. So I clicked the Documentation button.

    vmware update manager

    This lead me to the Docs of Update Manager PowerCLI 5.1! That’s right, 5.1! With a release date of 10 September 2012.

    vsphere5.1 release date

    None of the links for 5.1 work, so no news on any new features…

    Guess somebody at VMware was a bit too fast to update the website

    Nice find Sammy, guess time will tell if the Sept. 10th date is the actual release date or not.

  • VMware Recertification Policy

    VMware
    1 Comment

    VMware certified

    Starting today, March 10 2014, new VCP certifications must be re-certified within two years of it’s earned date. Anyone who currently has their VCP certification prior to March 10 2013 has until March 10, 2015 to re-certify.

    The new policy gives you three options to re-certify:

    1. Take the current exam for your existing VCP certification solution track. For example, if you are a VCP3, you could take the current VCP5-Data Center Virtualization (VCP5-DCV) exam.
    2. Earn a new VCP certification in a different solution track. For example, if you are a VCP-Cloud, you could recertify by earning VCP5-Desktop (VCP5-DT) certification.
    3. Advance to the next level by earning a VMware Certified Advanced Professional (VCAP) certification. For example, if you are a VCP5-DCV you could earn VCAP5-DCA certification.

    I can understand why they are doing this but I don’t agree with the changes. As per the announcement if you let your certification expire, “Your certification will be revoked,and you will no longer be entitled to use the certification logo or represent yourself as VMware certified“. Really? You mean everything that was done prior and after taking the exam means nothing?

    Read More “VMware Recertification Policy”

  • Easy ESXi 5.5 upgrade via command line

    VMware
    17 Comments

    ESXi 5.5 was just released general availability (GA) on Sunday (9/22) and I’m itching to upgrade the home lab to run the latest version with all it’s goodies. I wanted to try upgrading my hosts without having to go through the same process that I followed setting up ESXi on the NUC in the first place, injecting custom NIC drivers, etc.

    Enter the command line…

    1. Move all VM’s from the host and then put the host into Maintenance Mode.
    2. Go to the Configuration tab > Security Profile and Enable SSH under Services.
      ssh enabled
    3. Under Firewall, enable httpClient (outbound http).
      httpClient enable
    4. Open PuTTY (or other SSH client) and SSH into your host.

      5. Read More “Easy ESXi 5.5 upgrade via command line”

  • VMware Certified Professional 6 (VCP6-DCV) now available

    VMware
    0 Comments

    VMware VCP DCV

    VMware has just recently announced that the VMware Certified Professional 6 (VCP6-DCV) is now available. The new VCP6 exam is similar to the others in the past whereas the VCP6 aims to validate your ability to deploy, configure, administer and scale a vSphere virtualized data center, including administering and troubleshooting virtualization technologies such as:

    • vSphere HA and DRS Clusters
    • Storage virtualization using VMFS
    • Storage DRS and Storage I/O Control
    • Network virtualization using vSphere standard and distributed switches and Network I/O Control
    • vSphere management using vCenter Server and vRealize Operations Manager Standard
    • Virtual Machines

    Read More “VMware Certified Professional 6 (VCP6-DCV) now available”

Leave a Reply

Your email address will not be published. Required fields are marked *