Details
Release date: June 28, 2018
Patch CategoryBugfixPatch SeverityImportantHost Reboot RequiredYesVirtual Machine Migration or Shutdown RequiredYesAffected HardwareN/AAffected SoftwareN/AVIBs Included
VMware_bootbank_vsan_6.7.0-0.14.8941472VMware_bootbank_esx-base_6.7.0-0.14.8941472VMware_bootbank_vsanhealth_6.7.0-.14.8941472
PRs Fixed N/ARelated CVE numbersN/A
Solution
Summaries and Symptoms
This patch updates the esx-base, vsan and vsanhealth VIBs to resolve the following issues:
This ESXi patch provides part of the hypervisor-assisted guest mitigation of CVE-2018-3639 for guest operating systems. For important details on this mitigation, see VMware Security Advisory VMSA-2018-0012.1.VMware ESXi contains multiple out-of-bounds read vulnerabilities in the DX11 translator. Successful exploitation of these issues might lead to information disclosure or might allow attackers with normal user privileges to crash their virtual machines. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6965, CVE-2018-6966, and CVE-2018-6967 to these issues.Datastores might become inaccessible after a rebootless upgrade in ESXi configurations with LSI controllers. This is because a STOP UNIT command, sent to drives during driver unload, is not matched with a START UNIT command during load. As result, the drive media might be inaccessible after a reboot.
Patch Download and Installation
The typical way to apply patches to ESXi hosts is through the VMware vSphere Update Manager. For details, see the Installing and Administering VMware vSphere Update Manager.
ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command. For details, see the vSphere Command-Line Interface Concepts and Examples and the VMware ESXi Upgrade Guide.
