check-circle-line exclamation-circle-line close-line

Release Date: DEC 5, 2019

Build Details

Download Filename: ESXi650-201912001.zip
Build: 15177306
Download Size: 320.1 MB
md5sum: 0fc22f1cecc23b616bd24d1b3022773b
sha1checksum: c85d2fe3b7de05cfd4df05c7c04a787773727826
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID Category Severity
ESXi650-201912301-SG Security Critical

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.5.

Bulletin ID Category Severity
ESXi650-201912001 Security Critical

Image Profiles

VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.

Image Profile Name
ESXi-6.5.0-20191203001-standard
ESXi-6.5.0-20191203001-no-tools

For more information about the individual bulletins, see the Download Patches page and the Resolved Issues section.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is through the VMware vSphere Update Manager. For details, see the About Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command.

For more information, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.

Resolved Issues

The resolved issues are grouped as follows.

ESXi650-201912301-SG
Patch Category Security
Patch Severity Critical
Host Reboot Required Yes
Virtual Machine Migration or Shutdown Required Yes
Affected Hardware N/A
Affected Software N/A
VIBs Included
  • VMware_bootbank_esx-base_6.5.0-3.111.15177306
  • VMware_bootbank_vsanhealth_6.5.0-3.111.15079807
  • VMware_bootbank_vsan_6.5.0-3.111.15079806
  • VMware_bootbank_esx-tboot_6.5.0-3.111.15177306
PRs Fixed  N/A
Related CVE numbers CVE-2019-5544

This patch updates the esx-base, vsan, esx-tboot and vsanhealth VIBs to update the following issue:

  • OpenSLP as used in ESXi has a heap overwrite issue. This issue may allow a malicious actor with network access to port 427 on an ESXi host to overwrite the heap of the OpenSLP service resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5544 to this issue. For more information, see VMware Security Advisory VMSA-2019-0022.

ESXi-6.5.0-20191203001-standard
Profile Name ESXi-6.5.0-20191203001-standard
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date December 5, 2019
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_esx-base_6.5.0-3.111.15177306
  • VMware_bootbank_vsanhealth_6.5.0-3.111.15079807
  • VMware_bootbank_vsan_6.5.0-3.111.15079806
  • VMware_bootbank_esx-tboot_6.5.0-3.111.15177306
PRs Fixed N/A
Related CVE numbers CVE-2019-5544
  • OpenSLP as used in ESXi has a heap overwrite issue. This issue may allow a malicious actor with network access to port 427 on an ESXi host to overwrite the heap of the OpenSLP service resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5544 to this issue. For more information, see VMware Security Advisory VMSA-2019-0022.

ESXi-6.5.0-20191203001-no-tools
Profile Name ESXi-6.5.0-20191203001-no-tools
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date December 5, 2019
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_esx-base_6.5.0-3.111.15177306
  • VMware_bootbank_vsanhealth_6.5.0-3.111.15079807
  • VMware_bootbank_vsan_6.5.0-3.111.15079806
  • VMware_bootbank_esx-tboot_6.5.0-3.111.15177306
PRs Fixed N/A
Related CVE numbers CVE-2019-5544
  • OpenSLP as used in ESXi has a heap overwrite issue. This issue may allow a malicious actor with network access to port 427 on an ESXi host to overwrite the heap of the OpenSLP service resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5544 to this issue. For more information, see VMware Security Advisory VMSA-2019-0022.

Known Issues from Previous Releases

To view a list of previous known issues, click here.