miércoles, 16 de mayo de 2007

Nota Técnica: Nuevos parches para VI3.

Tenemos nuevos parches para nuestros servidores ESX, así que a parchear.

Clasificación:

ESX-4825991 Patch 05/15/07 Critical Patch
ESX-5095559 Patch 05/15/07 Security Patch
ESX-5140477 Patch 05/15/07 Security Patch
ESX-6657345 Patch 05/15/07 General Patch
ESX-6704314 Patch 05/15/07 Security Patch
ESX-7281356 Patch 05/15/07 General Patch
ESX-7302867 Patch 05/15/07 Critical Patch
ESX-7408807 Patch 05/15/07 General Patch
ESX-7557441 Patch 05/15/07 General Patch

ESX-7557441 for VMware ESX Server 3.0.1

Resolved Issues

This patch fixes an issue where restarting the mgmt-vmware service can cause an unexpected reboot of virtual machines that are configured to automatically start or stop

ESX-5095559 for VMware ESX Server 3.0.1

Security Issues

This patch fixes an issue where in a 64-bit Windows guest, on a 64-bit host, debugging local programs could create system instability. Using a debugger to step into a syscall instruction may corrupt the virtual machine's register context. This corruption produces unpredictable results including corrupted stack pointers, kernel bugchecks, or vmware-vmx process failures.
Thanks to Ken Johnson for identifying this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1876 to this issue.

Resolved Issues

  • This patch fixes an issue where the Linux virtual machine fails to boot from the network using PXE, and shows the network adapter hardware address as "FF:FF:FF:FF:FF:FF"
  • This patch is a partial fix for memory leaks that can occur in VMware Tools. You must also install patch ESX-6704314 to complete the fix for this issue. Patches ESX-5095559 and ESX-6704314 can be installed in any order. After both patches have been installed, you must upgrade the VMware Tools installed in all virtual machines on that host in order to complete this fix and to end warning messages that your virtual machine does not have the latest version of VMware Tools.

ESX-5140477 for VMware ESX Server 3.0.1

Security Issues

This patch fixes an issue where the SSL certificates used to authenticate mouse, keyboard and screen (MKS) connections for virtual machines were not being verified by the plugins for those devices.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-5990 to this issue.

ESX-6657345 for VMware ESX Server 3.0.1

Resolved Issues

This patch provides an enhancement to the software ISCSI initiator that enables array vendors to certify iSCSI arrays that expect SCSI reserve/release commands without a data direction bit.

ESX-6704314 for VMware ESX Server 3.0.1

Security Issues

This patch fixes an issue where some VMware products support storing configuration information in VMware system files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of-Service attack on guest operating systems.
Thanks to Sungard Ixsecurity for identifying this issue.The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2007-1877 to this issue.

Resolved Issues

  • This patch is a partial fix for memory leaks that can occur in VMware Tools. You must also install patch ESX-5095559 to complete the fix for this issue. Patches ESX-5095559 and ESX-6704314 can be installed in any order. After both patches have been installed, you must upgrade the VMware Tools installed in all virtual machines on that host in order to complete this fix and to end warning messages that your virtual machine does not have the latest version of VMware Tools.

ESX-7281356 for VMware ESX Server 3.0.1

Resolved Issues

  • This patch enhances the mechanism for time zone updates to ensure updated time zone rules are reflected in /etc/localtime.
  • This patch also provides the following updated time zone rules:
    Pulaski County, Indiana, is switching from CST/CDT to EST/EDT on 3/11/07
    Turkey switches at 01:00 standard time, not at 01:00 UTC.
    Updated Bahamas time zone with 2007 US DST change compliance
    Added new zone Australia/Eucla
    Atlantic/Faeroe time zone is renamed to Atlantic/Faroe
    Latitude/longitude changes for Europe/Jersey and Europe/Podgorica Note: Europe/Jersey and Europe/Podgorica time zones no longer observe daylight savings; the DST roll-forward on 3/25/07 and roll-back on 10/28/07 rules have been removed
    Cuba has ended its three years of permanent DSTNote: The rule governing the time change occurring on 10/28/07 has been removed

ESX-7302867 for VMware ESX Server 3.0.1

Resolved Issues

  • This patch resolves the following issues:
    An issue where an ESX Server panic can occur during a vm-support command after removing a USB drive from the host.
  • Updates the aacraid_esx30 driver to fix a condition that may cause an ESX Server console operating system panic when the corresponding device's /proc node is accessed. One example of such operation is during "vm-support" log collection.

ESX-7408807 for VMware ESX Server 3.0.1

Resolved Issues

  • This patch fixes an issue where the ESX Server host stops responding during the boot sequence, when a disk is missing or has failed when in RAID1 configurations on an Integrated RAID LSILogic controllers.

ESX-7557441 for VMware ESX Server 3.0.1

Resolved Issues

  • This patch fixes an issue where restarting the mgmt-vmware service can cause an unexpected reboot of virtual machines that are configured to automatically start or stop.

Os aconsejo aplicarlos todos, pero especialmente los críticos.

Buen parcheo y un abrazo.