This site will be decommissioned on December 31st 2024. After that date content will be available at techdocs.broadcom.com.

Release Date: 13 JUL, 2021

What's in the Release Notes

The release notes cover the following topics:

Build Details

Download Filename: ESXi650-202107001.zip
Build: 18071574
Download Size: 345.8 MB
md5sum: 5456e1f635294028946f1b9151ff91d1
sha1checksum: a4363a816f58fea974c77e83865c8e8d641ee69f
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID Category Severity
ESXi650-202107401-SG Security Important

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.5.

Bulletin ID Category Severity
ESXi650-202107001 Security Important

IMPORTANT: For clusters using VMware vSAN, you must first upgrade the vCenter Server system. Upgrading only ESXi is not supported.
Before an upgrade, always verify in the VMware Product Interoperability Matrix compatible upgrade paths from earlier versions of ESXi, vCenter Server and vSAN to the current version.

Image Profiles

VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.

Image Profile Name
ESXi-6.5.0-20210704001-standard
ESXi-6.5.0-20210704001-no-tools

For more information about the individual bulletins, see the Download Patches page and the Resolved Issues section.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is by using the VMware vSphere Update Manager. For details, see About Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib update command. Additionally, the system can be updated by using the image profile and the esxcli software profile update command.

For more information, see vSphere Command-Line Interface Concepts and Examples and vSphere Upgrade Guide.

Resolved Issues

The resolved issues are grouped as follows.

ESXi650-202107401-SG
Patch Category Security
Patch Severity Important
Host Reboot Required Yes
Virtual Machine Migration or Shutdown Required Yes
Affected Hardware N/A
Affected Software N/A
VIBs Included
  • VMware_bootbank_esx-tboot_6.5.0-3.161.18071574
  • VMware_bootbank_vsanhealth_6.5.0-3.161.18071576
  • VMware_bootbank_vsan_6.5.0-3.161.18071575
  • VMware_bootbank_esx-base_6.5.0-3.161.18071574
PRs Fixed  2711589, 2700917
Related CVE numbers CVE-2021-21994, CVE-2021-21995
  • Updates esx-base, esx-tboot, vsan and vsanhealth VIBs:
    • SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21994 to this issue. For more information, see VMware Security Advisory VMSA-2021-0014.
       
    • OpenSLP as used in ESXi has a denial-of-service vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21995 to this issue. For more information, see VMware Security Advisory VMSA-2021-0014.
ESXi-6.5.0-20210704001-standard
Profile Name ESXi-6.5.0-20210704001-standard
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date July 13, 2021
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_esx-tboot_6.5.0-3.161.18071574
  • VMware_bootbank_vsanhealth_6.5.0-3.161.18071576
  • VMware_bootbank_vsan_6.5.0-3.161.18071575
  • VMware_bootbank_esx-base_6.5.0-3.161.18071574
PRs Fixed 2711589, 2700917
Related CVE numbers CVE-2021-21994, CVE-2021-21995
  • This patch updates the following issues: 
    • SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21994 to this issue. For more information, see VMware Security Advisory VMSA-2021-0014.
       
    • OpenSLP as used in ESXi has a denial-of-service vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21995 to this issue. For more information, see VMware Security Advisory VMSA-2021-0014.
ESXi-6.5.0-20210704001-no-tools
Profile Name ESXi-6.5.0-20210704001-no-tools
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date July 13, 2021
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_esx-tboot_6.5.0-3.161.18071574
  • VMware_bootbank_vsanhealth_6.5.0-3.161.18071576
  • VMware_bootbank_vsan_6.5.0-3.161.18071575
  • VMware_bootbank_esx-base_6.5.0-3.161.18071574
PRs Fixed 2711589, 2700917
Related CVE numbers CVE-2021-21994, CVE-2021-21995
  • This patch updates the following issues: 
    • SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21994 to this issue. For more information, see VMware Security Advisory VMSA-2021-0014.
       
    • OpenSLP as used in ESXi has a denial-of-service vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21995 to this issue. For more information, see VMware Security Advisory VMSA-2021-0014.

Known Issues from Previous Releases

To view a list of previous known issues, click here.

check-circle-line exclamation-circle-line close-line
Scroll to top icon