VMware vCenter Server Appliance Photon OS Security Patches

Last updated on: 28 June 2018

vCenter Server Appliance Photon OS Patches

This document tracks the release of the monthly patches to the Photon Operating System bundled in the VMware vCenter Server Appliance.

You can download the deliverables from the VMware Patch Download Center.

IMPORTANT: vCenter Server Appliance 6.5 builds have been removed as of November 14, 2017 due to a deployment-impacting issue. This issue does not impact Windows installed vCenter Servers. To resolve this issue, you must upgrade to vCenter Server Appliance 6.5 Update 1c or later. For more information, see KB 51124.

Installation Steps

To apply the Photon OS security patches to the vCenter Server Appliance, you can use one of the following methods.

  • Deploy a new vCenter Server Appliance by using either the GUI or the CLI installer.

    For information about doing a fresh install of the vCenter Server Appliance, see Deploying the vCenter Server Appliance and Platform Services Controller Appliance.

  • Upgrade to the version of the vCenter Server Appliance containing the latest Photon OS security patches by using either the GUI or the CLI installer.

    For information about upgrading the vCenter Server Appliance, see Upgrading the vCenter Server Appliance and Platform Services Controller Appliance.

  • Patch the appliance either by using the appliance shell or the Appliance Management Interface.

    IMPORTANT: You can update the vCenter Server Appliance with Photon OS patches released within the same Update release. Currently, you can patch the appliance with Photon OS patches only if you have updated the vCenter Server Appliance to 6.5 Update 1.

    If you try to update the vCenter Server Appliance directly from an unsupported base version of 6.5 to the current Photon OS patch version, by using the vCenter Server Appliance Management Interface, the process fails. This is expected, but the error message that you see is a generic one. To see the correct error message, check the log files.

    This means that if you have updated to a version that is released right after vSphere 6.5 Update 1, you cannot directly apply a Photon OS patch that is released after vSphere 6.5 Update 2. You must first update the vCenter Server Appliance to version 6.5 Update 2 and then apply the selected Photon OS patch to the appliance.

    For information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

  • Perform a file-based backup and restore in which, during the restore process, you deploy a new appliance containing the latest Photon OS security patches.

    For information about performing a file-based backup and restore of the vCenter Server Appliance, see File-Based Backup and Restore of vCenter Server Appliance.

  • Migrate a vCenter Server on Windows instance to a version of the vCenter Server Appliance containing the latest Photon OS security patches.

    For information about performing a migration of vCenter Server on Windows to vCenter Server Appliance, see Migrating vCenter Server for Windows to vCenter Server Appliance.

 

vCenter Server Appliance Photon OS Security Patches

vSphere 6.5 Update 1

| Release Date | Build Number | Patch Name | Affected Package | New Package Versions | CVEs Addressed |
|---|---|---|---|---|---|
| 21 September 2017 | 6671409 | 6.5 U1a (Security fixes for Photon OS) | httpd | 2.4.27-1 | CVE-2017-3167, CVE-2017-9788, CVE-2017-9789 |
| | | | pycrypto | 2.7a1-3 | CVE-2013-7459 |
| | | | linux | 4.4.79-1 | CVE-2017-11176, CVE-2017-11473, CVE-2017-7541 |
| | | | ncurses | 6.0-5 | CVE-2017-10684, CVE-2017-10685 |
| 26 October 2017 | 6816762 | 6.5 U1b (Security fixes for Photon OS are listed here. For details on other fixes, click here) | ruby | 2.4.0-5 | CVE-2017-9224, CVE-2017-9225, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 |
| | | | rsyslog | 8.15.0-6 | CVE-2017-12588 |
| | | | linux | 4.4.82-1 | CVE-2017-1000112, CVE-2017-7533, CVE-2017-7542, CVE-2017-10911 |
| | | | shadow | 4.2.1-11 | CVE-2017-12424 |
| 19 December 2017 | 7312210 | 6.5 U1d (Security fixes for Photon OS are listed here, this release also addresses all relevant moderate security issues in Photon OS before PHSA-2017-0037. For details on other fixes, click here) | linux | 4.4.88-1 | CVE-2017-11600, CVE-2017-14340 |
| | | | dnsmasq | 2.76-2 | CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496 |
| | | | perl | 5.22.1-5 | CVE-2017-12883, CVE-2017-12837 |
| | | | ruby | 2.4.2-1 | CVE-2017-0898 |
| 15 February 2018 | 7801515 | 6.5 U1f (Security fixes for Photon OS) | linux | 4.4.110-2 | CVE-2017-11472, CVE-2017-12154, CVE-2017-15265, CVE-2017-15649, CVE-2017-15951, CVE-2017-15115, CVE-2017-5753, CVE-2017-5754, CVE-2017-8824, CVE-2017-17448, CVE-2017-17450, CVE-2017-16939 |
| | | | libgcrypt | 1.7.6-3 | CVE-2017-0379 |
| | | | c-ares | 1.12.0-2 | CVE-2017-1000381 |
| | | | ncurses | 6.0-8 | CVE-2017-13728, CVE-2017-16879 |
| | | | libtasn1 | 4.12-1 | CVE-2017-10790 |
| | | | wget | 1.18-3 | CVE-2017-13090, CVE-2017-13089 |
| | | | procmail | 3.22-4 | CVE-2017-16844 |
| | | | rsync | 3.1.2-4 | CVE-2017-16548, CVE-2017-17433, CVE-2017-17434 |
| | | | apr | 1.5.2-7 | CVE-2017-12613 |
| 20th March 2018 | 8024368 | 6.5 U1g (Security fixes for Photon OS are listed here. For details on other fixes, click here) | linux | 4.4.115-1 | CVE-2018-5344 |
| | | | libtasn1 | 4.13-1 | CVE-2018-6003 |
| | | | dnsmasq | 2.76-5 | CVE-2017-15107 |

 

vSphere 6.5 Update 2

| Release Date | Build Number | Patch Name | Affected Package | New Package Versions | CVEs Addressed |
|---|---|---|---|---|---|
| 3rd May 2018 | 8307201 | 6.5 U2 (Security fixes for Photon OS are listed here, this release also addresses all relevant moderate security issues in Photon OS before PHSA-2018-1.0-0109. For details on other fixes, click here) | glibc | 2.22-18 | CVE-2017-15670, CVE-2017-15804, CVE-2015-5180, CVE-2016-5417, CVE-2017-16997 |
| | | | tdnf | 1.1.0-3 | CVE-2017-7501 |
| | | | curl | 7.58.0-1 | CVE-2017-1000254, CVE-2017-1000257, CVE-2017-8818 |
| | | | ruby | 2.4.3-2 | CVE-2017-17405, CVE-2017-17790 |
| | | | python2 | 2.7.13-4 | CVE-2017-1000158 |
| | | | python-rpm | 4.13.0.1-4 | CVE-2017-7501 |
| | | | rpm | 4.13.0.1-4 | CVE-2017-7501 |
| | | | krb5 | 1.16-1 | CVE-2017-11462, CVE-2017-15088 |
| 31st May 2018 | 8667236 | 6.5 U2a (Security fixes for Photon OS) | systemd | 228-45 | CVE-2017-18078 |
| | | | nettle | 3.3-1 | CVE-2016-6489 |
| | | | patch | 2.7.5-3 | CVE-2018-6951 |
| | | | httpd | 2.4.33-1 | CVE-2018-1303, CVE-2017-15715, CVE-2017-15710, CVE-2018-1301, CVE-2018-1302 |
| | | | librelp | 1.2.9-3 | CVE-2018-1000140 |
| | | | linux | 4.4.131-2 | CVE-2018-1000026, CVE-2018-8822, CVE-2018-7757, CVE-2018-1094, CVE-2018-1092, CVE-2017-18255, CVE-2018-8897 |
| | | | rsync | 3.1.3-1 | CVE-2018-5764 |
| 28th June 2018 | 8815520 | 6.5 U2b (Security fixes for Photon OS are listed here. For details on other fixes, click here) | patch | 2.7.5-4 | CVE-2018-6951, CVE-2018-1000156 |
| | | | unzip | 6.0-9 | CVE-2018-1000035 |

The patches listed above are cumulative. The latest patch includes the content of all prior patches.