VMware releases patch for glibc vulnerability on ESXi 5.5

VMware ESXi550-201602401-SG

You may remember not to long ago, the GHOST vulnerability found in glibc, a GNU C library. Well a new glibc vulnerability (CVE-2015-7547) has been discovered and it affects VMware ESXi 5.5 and 6.0 in addition to all versions of VMware virtual appliances running Linux such as vCenter, Orchestrator, vRealize, etc.

VMware has just released patch ESXi550-201602401-SG for ESXi 5.5 and ESXi600-201602401-SG for ESXi 6.0 which fixes the glibc vulnerability, a patch for ESXi 6.0 has yet to be released. VMware has however posted workarounds for affected virtual appliances.

In addition, ESXi550-201602401-SG also fixes two other issues:

  • ESXi hosts might purple screen due to an unresponsive CPU as a result of several CMCIs within a short time. Sample purple diagnostic screen might look like the following:
    cpu1:33127)MCE: 1118: cpu1: MCA error detected via CMCI (Gbl status=0x0): Restart IP: invalid, Error IP: invalid, MCE in progress: no.cpu1:33127)MCE: 231: cpu1: bank9: MCA recoverable error (CE): "Memory Controller Scrubbing Error on Channel 0."cpu1:33127)MCE: 222: cpu1: bank9: status=0xXXXXXXXXXXXXXXXX: (VAL=1, OVFLW=0, UC=0, EN=0, PCC=0, S=0, AR=0), ECC=no, Addr:0xXXXXXXXXXXXXXXXX (valid), Misc:0x8c3589300 (valid)
  • Resolves the issue where virtual machine vMotions would fail when trying to vMotion from an ESXi 5.0 or 5.1 host to an ESXi 5.5 U3b host.

UPDATE: VMware has released ESXi 6 patch ESXi600-201602401-SG which updates the glibc package and patches the glibc vulnerability.

A host reboot will be required to apply the ESXi patches. After applying the patch your ESXi 5.5 host should have a build number of 3568722.

Similar Posts

  • Thank you VMware Community!

    VMware vExpert 2014

    So far, 2014 has been a very rewarding year for a number of reasons, two of which has happened in just a week or two span. First, Eric Siebert (@ericsiebert) announced on March 27th, this years results of the 2014 Top VMware & Virtualization Blog voting. My first year entered into voting and made it to 71st place! A huge thanks goes out to not only Eric but just as much so to everyone who voted for me!

    To top it off, yesterday VMware announced 2014’s first quarter VMware vExpert list. While vExpert isn’t a technical certification or even a general measure of VMware expertise. The VMware judges selected people who were engaged with their community and who had developed a substantial personal platform of influence in those communities. There were a lot of very smart, very accomplished people, even VCDXs, that weren’t named as vExpert this year. VMware awarded this title to 754 people this year and on that list of many impressive names you’ll find yours truly, Michael Tabor!

    I’m both honored and humbled by both lists. It’s a great feeling to be recognized by not only my peers through the voting in the Top vBlog but also by VMware themselves through the vExpert title.

    So again THANK YOU very much to the entire VMware community, a spectacular community indeed, and congratulations to everyone else that made the Top vBlog and vExpert lists!

  • How to update VMware Windows VM’s DNS using PowerCLI

    This post will show you how to update a VMware Windows virtual machine’s DNS IP addresses using PowerCLI.

    You’ll also see how I went from a starting point to a fully working script – all thanks to the awesome #vCommunity!

    Here at work we’ve been doing a number of networking, AD, and DNS changes. In doing so, our DNS IP address have changed. Changing the DNS settings for our workstations was easy, simply edit the DHCP scope.

    The servers on the other hand all had static IP’s and static DNS IP’s entered, each of which needed to be updated.

    Read More “How to update VMware Windows VM’s DNS using PowerCLI”

  • Another CBT bug found in VMware ESXi 6.0

    VMware

    VMware just published KB 2136854 regarding a new bug found in ESXi 6.0 that causes virtual machine backups, which use Changed Block Tracking (CBT), to be inconsistent. VMware says the cause of the issue is this:

    This issue occurs due to an issue with CBT in the disklib area, this causes the change tracking information of I/Os that occur during snapshot consolidation to be lost. The main backup payload data is never lost and it is always written to the backend device. However, the corresponding change tracking information entries which occur during the consolidation task are missed. Subsequent QueryDiskChangedAreas() calls do not include these missed blocks, hence a backup based on this CBT data is inconsistent.

    Read More “Another CBT bug found in VMware ESXi 6.0”

  • VMware ESXi 5 fails to install on Intel NUC, “No Network Adapters” error

    If you use the VMware ESXi 5 ISO image and try to install it on an Intel NUC you’ll receive the following error during the install.

    No Network Adapters

    No network adapters were detected. Either no network adapters are physically connected to the system, or a suitable driver could not be located. A third party driver my be required.

    Ensure that there is at least one network adapter physically connected to the system before attempting installation. If the problem persists, consult the VMware Knowledge Base.

    The “No Network Adapters” on the Intel NUC error message during the ESXi install is because VMware removed a number of drivers (non-enterprise drivers) from their ESXi 5.x image and in order to use the Intel NUC as an ESXi host you need to create a customized ESXi image with the NIC drivers added to the image.

    Read More “VMware ESXi 5 fails to install on Intel NUC, “No Network Adapters” error”

  • Edit Virtual Hardware 10 VM’s with vSphere 5.5 U2 client

    When ESXi 5.5 came out so did a new virtual hardware version, 10, as well. However the ability to edit virtual machines have have been upgraded to virtual hardware 10 was restricted to only the vSphere web client. In some cases people have put off upgrading to virtual hardware 10 either for dislike of the web client or knowing you cannot edit the VM in the event of the web client being down.

    That all changes today, VMware has just released vCenter 5.5 Update 2 today and one of the “resolved issues” in today’s release notes is the ability to now edit virtual machines with Virtual Hardware 10 using the vSphere thick (C#) client.

    edit virtual hardware 10

    Read More “Edit Virtual Hardware 10 VM’s with vSphere 5.5 U2 client”

  • vSphere 5.1 currently not compatible with any VMware View version

    Before you go updating your vSphere to the new 5.1 version that was just released, VMware had just released this alert yesterday (9/12) that vSphere 5.1 is currently NOT compatible with any version of VMware View.

    vSphere 5.1 is in the process of being certified against VMware View. We recommend that you do not upgrade vSphere above the supported versions listed in the VMware View 5.1 Release Notes.

    For further updates and more information on this alert, refer to KB article:
    vSphere 5.1 is not compatible with any versions VMware View (2035268).

    If you don’t use VMware View, and are ready to upgrade to vSphere 5.1 be sure to check out the Installing vCenter Server 5.1 best practices from VMware.

Leave a Reply

Your email address will not be published. Required fields are marked *