Patch for VMware vSphere 4.0

VMware has recently released a patch for their vSphere 4.0 product line, which affects both ESX and ESXi.

Details from VMware:

We are pleased to inform you that a new VMware ESX 4.0 Patch is available as of April 28, 2011.

Improvements included in this patch:

  • An update for the Certificate Revocation List (CRL) to revoke an RSA key that HP uses for code signing certain software components
  • Remediation of a denial of service possibility. By sending malicious network traffic an attacker could exhaust the available sockets which would prevent further connections to the host
  • Refinements in handling of shared folders

Detailed information regarding resolved and known issues and enhancements can be found at ESX 4.0 Patch Release Notes

VMware ESX 4.0 Patch is available for download at: http://www.vmware.com/patch/download/

Thanks,

VMware vSphere Product Management Team

One of the patches included (ESX400-201104401-SG for ESX and ESXi400-201104401-SG for ESXi) resolves a couple of different issues. One updates the Certificate Revocation List (CRL) to revoke a key that HP uses for code-signing certain software components. HP has a new key pair and has re-signed the affected software components with the new key. What this means is that if you apply this patch on an HP server and you are using specific HP management agents (like the HP Management Agent for VMware ESX 4.x), you will need to download the software with the updated key and re-install it.

The other fix within the above-mentioned patch resolves a potential denial of service attack against the vmkernel over its management interface. When an attacker exhausts all available sockets, the ESX(i) host will become inaccessible via vCenter or the vSphere client. Virtual machines will continue to run and have network connectivity, but the ESX(i) host may need to be rebooted before you can connect to it again. The ESX(i) system might also intermittently lose connectivity because of applications that do not correctly close sockets. If this occurs, an error message similar to the following might be written to the vpxa log file:
socket() returns -1 (Cannot allocate memory)
An error message similar to the following might be written to the VMkernel log file:
socreate(type=2, proto=17) failed with error 55
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-1785 to this issue. More information on this patch can be found in KB 1037258 (ESX) and KB 1037259 (ESXi).
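
An added example (not part of the original post or of VMware's tooling): a small Python scanner that looks for the two socket-exhaustion messages quoted above in collected vpxa and VMkernel log lines. The timestamps, host name, sample lines and the repeat threshold are constructed assumptions; only the two message shapes come from the post.

```python
import re
from collections import Counter

# Message shapes quoted in the post. Numeric fields are matched loosely
# because the post says the messages are "similar to" these.
PATTERNS = {
    "vpxa_socket_fail": re.compile(
        r"socket\(\) returns -1 \((?P<reason>[^)]*)\)"),
    "vmkernel_socreate_fail": re.compile(
        r"socreate\(type=(?P<type>\d+), proto=(?P<proto>\d+)\) "
        r"failed with error (?P<errno>\d+)"),
}

# Constructed sample input: prefixes and host name are illustrative only.
SAMPLE = """\
[2011-04-29 10:02:11.104 'App' info] heartbeat sent
[2011-04-29 10:02:14.551 'App' error] socket() returns -1 (Cannot allocate memory)
Apr 29 10:02:14 esx01 vmkernel: socreate(type=2, proto=17) failed with error 55
Apr 29 10:02:15 esx01 vmkernel: socreate(type=2, proto=17) failed with error 55
Apr 29 10:02:20 esx01 vmkernel: link up on vmnic0
""".splitlines()


def scan(lines):
    """Return (line_number, symptom_name, parsed_fields) for each match."""
    hits = []
    for number, line in enumerate(lines, 1):
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                hits.append((number, name, match.groupdict()))
    return hits


def summarize(hits, threshold=3):
    """Count symptoms; flag the host if both logs agree or one repeats.

    The threshold is an assumed triage heuristic, not a VMware value.
    """
    counts = Counter(name for _, name, _ in hits)
    suspect = (len(counts) == len(PATTERNS)
               or any(c >= threshold for c in counts.values()))
    return counts, suspect


if __name__ == "__main__":
    found = scan(SAMPLE)
    for number, name, fields in found:
        print(f"line {number}: {name} {fields}")
    print(summarize(found))
```

A host flagged this way is a candidate for checking whether ESX400-201104401-SG or ESXi400-201104401-SG has been applied.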

Another patch, specific to ESXi (ESXi400-201104402-BG), has also been released. The only information on this patch can be found in KB 1037553, which states “This patch improves the way shared folders are handled.”

Posted under vSphere

This post was written by Rick Scherer on April 30, 2011


VMware ESX 3.0.3 Patch Released

Those of you still running the VI 3.0 suite of VMware products will be happy to know that VMware hasn’t forgotten about you. There was a recent release of version 3.0.3 for ESX which pretty much covers some vulnerabilities in the service console. The biggest piece of this patch is the fact that it will be required if you plan on obtaining upgrades after June 1, 2011. The reason for this is that the secure key RPM needs to be updated, and that update is included in the 3.0.3 patch bundle. More information on this can be found in KB 1031235.

Here is some more information from the release notes:

Improvements included in this patch:

  • The service console RPM for krb5 is updated to krb5-libs-1.2.7-72. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1321 to the security issue that this update addresses.
  • The service console RPMs for Samba are updated to samba-3.0.9-1.3E.18vmw, samba-common-3.0.9-1.3E.18vmw, and samba-client-3.0.9-1.3E.18vmw versions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2906, CVE-2010-2063, and CVE-2010-3069 to the security issues that this update addresses.
  • To continue applying patches on ESX 3.0.3 hosts, you must update the secure key RPM before June 1, 2011. This patch updates the secure key.

Detailed information regarding resolved and known issues and enhancements can be found at ESX 3.0.3 Patch Release Notes:

VMware ESX 3.0.3 Patch is available for download at http://www.vmware.com/patch/download/.

Posted under VMware

This post was written by Rick Scherer on February 17, 2011


VMware Releases VI3 Update 5

Sometime yesterday ESX(i) Update 5 finally hit VMware Update Manager, about 2 days after the official announcement and release on the VMware website. This announcement includes updates for ESX, ESXi and vCenter Server. In addition to Update 5 being released there were about 20 additional updates made available for ESX(i), including 16 which were marked as critical.

The following information provides highlights of some of the enhancements available in this release of VMware ESX Server. This information can be found in the VMware ESX(i) 3.5 U5 Release Notes:

Enablement of Intel Xeon Processor 3400 Series – Support for the Intel Xeon processor 3400 series has been added. Support includes Enhanced VMotion capabilities. For additional information on previous processor families supported by Enhanced VMotion, see Enhanced VMotion Compatibility (EVC) processor support (KB 1003212).

Driver Update for Broadcom bnx2 Network Controller – The driver for bnx2 controllers has been upgraded to version 1.6.9. This driver supports bootcode upgrade on bnx2 chipsets and requires bmapilnx and lnxfwnx2tools upgrade from Broadcom. This driver also adds support for Network Controller - Sideband Interface (NC-SI) for SOL (serial over LAN) applicable to Broadcom NetXtreme 5709 and 5716 chipsets.

Driver Update for LSI SCSI and SAS Controllers – The driver for LSI SCSI and SAS controllers is updated to version 2.06.74. This version of the driver is required to provide a better support for shared SAS environments.

Newly Supported Guest Operating Systems – Support for the following guest operating systems has been added specifically for this release:

  • Windows 7 Enterprise (32-bit and 64-bit)
  • Windows 7 Ultimate (32-bit and 64-bit)
  • Windows 7 Professional (32-bit and 64-bit)
  • Windows 7 Home Premium (32-bit and 64-bit)
  • Windows 2008 R2 Standard Edition (64-bit)
  • Windows 2008 R2 Enterprise Edition (64-bit)
  • Windows 2008 R2 Datacenter Edition (64-bit)
  • Windows 2008 R2 Web Server (64-bit)
  • Ubuntu Desktop 9.04 (32-bit and 64-bit)
  • Ubuntu Server 9.04 (32-bit and 64-bit)

For more complete information about supported guests included in this release, see the VMware Compatibility Guide: http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software.

Newly Supported Management Agents – See VMware ESX Server Supported Hardware Lifecycle Management Agents for current information on supported management agents.

Newly Supported Network Cards – This release of ESX Server supports HP NC375T (NetXen) PCI Express Quad Port Gigabit Server Adapter.

Newly Supported SATA Controllers – This release of ESX Server supports the Intel Ibex Peak SATA AHCI controller.

In addition to the enhancements found in ESX(i) 3.5 U5, there is also one lonely enhancement made to vCenter Server 2.5 U5:

Support for High Consolidation in VMware HA Clusters – VirtualCenter 2.5 Update 5 includes significant performance and scalability improvements to VMware HA. Use VirtualCenter 2.5 Update 5 for environments with more than 35 virtual machines per host in an HA cluster.
For information on the ESX Server host settings required for this scalability improvement, see ESX Server host settings required for environments with up to 80 virtual machines per host in an HA Cluster (KB 1012002).

Updating your ESX servers can and should be done with VMware Update Manager. To upgrade your vCenter Server installation you’ll need to download the installation ISO or ZIP from the VMware website and perform an in-place upgrade. Be sure to create a backup of your vCenter Server database then follow the steps in the Installation Guide.

Posted under ESX 3.5 Tips, ESXi 3.5 Tips, vCenter

This post was written by Rick Scherer on December 6, 2009


VMware ESX 3.5 Update 4 Released

VMware has released the latest update to its ESX(i) 3.5 flagship product, Update 4. It is strongly recommended that you upgrade to VMware vCenter 2.5 Update 4 prior to upgrading your ESX hosts. Updates such as this one typically include a number of system improvements and also all of the patches released between it and the previous update. Numerous driver additions and updates have been added to this update roll-up, including;

Read More…

Posted under ESX 3.5 Tips, ESXi 3.5 Tips

This post was written by Rick Scherer on March 30, 2009
