check-circle-line exclamation-circle-line close-line

This document tracks the release of the monthly patches to the Photon Operating System bundled in the VMware vCenter Server Appliance.

You can download the deliverables from the VMware Patch Download Center.

IMPORTANT: vCenter Server Appliance 6.5 builds have been removed as of November 14, 2017 due to a deployment-impacting issue. This issue does not impact Windows installed vCenter Servers. To resolve this issue, you must upgrade to vCenter Server Appliance 6.5 Update 1c or later. For more information, see KB 51124.

Installation Steps

To apply the Photon OS security patches to the vCenter Server Appliance, you can use one of the methods.

  • Deploy a new vCenter Server Appliance by using either the GUI or the CLI installer.

    For information about doing a fresh install of the vCenter Server Appliance, see Deploying the vCenter Server Appliance and Platform Services Controller Appliance.

  • Upgrade to the version of the vCenter Server Appliance containing the latest Photon OS security patches by using either the GUI or the CLI installer.

    For information about upgrading the vCenter Server Appliance, see Upgrading the vCenter Server Appliance and Platform Services Controller Appliance.

  • Patch the appliance either by using the appliance shell or the Appliance Management Interface.

    IMPORTANT: You can update the vCenter Server Appliance with Photon OS patches released within one and the same Update release. 

    If you try to update the vCenter Server Appliance directly from an unsupported base version of 6.5 to the current Photon OS patch version, by using the vCenter Server Appliance Management Interface, the process fails. This is expected, but the error message that you see is a generic one. To see the correct error message, check the log files.

    This means if you have updated to a version that is released right after vSphere 6.5 Update 2, you cannot directly apply a Photon OS patch that is released after vSphere 6.5 Update 3. You must first update the vCenter Server Appliance to version 6.5 Update 3 and then apply the selected Photon OS patch to the appliance.

    For information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

  • Perform a file-based backup and restore where in the restore process you deploy a new appliance containing the latest Photon OS security patches..

    For information performing a file-based backup and restore of the vCenter Server Appliance, see File-Based Backup and Restore of vCenter Server Appliance.

  • Migrate a vCenter Server on Windows instance to a version of the vCenter Server Appliance containing the latest Photon OS security patches.

    For information about performing a migration of vCenter Server on Windows to vCenter Server Appliance, see Migrating vCenter Server for Windows to vCenter Server Appliance.

Upgrade Notes

Upgrade from vCenter Server 6.5 Update 3b to 6.7 Update 3 is not supported.

vCenter Server Appliance Photon OS Security Patches

vSphere 6.5 Update 1

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

21 September 2017

6671409

6.5 U1a
(Security fixes for Photon OS)

httpd

2.4.27-1

CVE-2017-3167
CVE-2017-9788
CVE-2017-9789

pycrypto

2.7a1-3

CVE-2013-7459

linux

4.4.79-1

CVE-2017-11176
CVE-2017-11473
CVE-2017-7541

ncurses

6.0-5

CVE-2017-10684
CVE-2017-10685

26 October 2017 6816762

6.5 U1b
(Security fixes for Photon OS are listed here.

For details on other fixes, click here)

ruby 2.4.0-5

CVE-2017-9224
CVE-2017-9225
CVE-2017-9227
CVE-2017-9228
CVE-2017-9229

rsyslog 8.15.0-6

CVE-2017-12588

linux 4.4.82-1

CVE-2017-1000112
CVE-2017-7533
CVE-2017-7542
CVE-2017-10911

shadow

4.2.1-11 CVE-2017-12424
19 December 2017 7312210

6.5 U1d
(Security fixes for Photon OS are listed here.

This release also addresses all relevant moderate security issues in Photon OS before PHSA-2017-0037.

For details on other fixes, click here)

linux 4.4.88-1

CVE-2017-11600
CVE-2017-14340

dnsmasq 2.76-2 CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
perl 5.22.1-5 CVE-2017-12883
CVE-2017-12837

ruby

2.4.2-1 CVE-2017-0898
15 February 2018 7801515

6.5 U1f

(Security fixes for Photon OS)

linux 4.4.110-2

CVE-2017-11472

CVE-2017-12154

CVE-2017-15265

CVE-2017-15649

CVE-2017-15951

CVE-2017-15115

CVE-2017-5753

CVE-2017-5754

CVE-2017-8824

CVE-2017-17448

CVE-2017-17450

CVE-2017-16939

libgcrypt

1.7.6-3 CVE-2017-0379

c-ares

1.12.0-2 CVE-2017-1000381
ncurses 6.0-8

CVE-2017-13728

CVE-2017-16879 

libtasn1

4.12-1 CVE-2017-10790
wget 1.18-3

CVE-2017-13090

CVE-2017-13089

procmail

3.22-4 CVE-2017-16844
rsync 3.1.2-4

CVE-2017-16548

CVE-2017-17433

CVE-2017-17434

apr

1.5.2-7  CVE-2017-12613
20 March 2018 8024368

6.5 U1g

(Security fixes for Photon OS are listed here.

For details on other fixes, click here)

linux 4.4.115-1

CVE-2018-5344

libtasn1

4.13-1 CVE-2018-6003

dnsmasq

2.76-5 CVE-2017-15107

vSphere 6.5 Update 2

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

3 May 2018

8307201

6.5 U2

(Security fixes for Photon OS are listed here.

This release also addresses all relevant moderate security issues in Photon OS before PHSA-2018-1.0-0109.

For details on other fixes, click here)

glibc

2.22-18

CVE-2017-15670

CVE-2017-15804

CVE-2015-5180

CVE-2016-5417

CVE-2017-16997

tdnf

1.1.0-3

CVE-2017-7501

curl

7.58.0-1

CVE-2017-1000254

CVE-2017-1000257

CVE-2017-8818

ruby

2.4.3-2

CVE-2017-17405

CVE-2017-17790

python2

2.7.13-4

CVE-2017-1000158

python-rpm

4.13.0.1-4

CVE-2017-7501

rpm

4.13.0.1-4

CVE-2017-7501

krb5

1.16-1

CVE-2017-11462

CVE-2017-15088

31 May 2018

8667236

6.5 U2a

(Security fixes for Photon OS)

systemd

228-45

CVE-2017-18078

nettle

3.3-1

CVE-2016-6489

patch

2.7.5-3

CVE-2018-6951

httpd

2.4.33-1

CVE-2018-1303

CVE-2017-15715

CVE-2017-15710

CVE-2018-1301

CVE-2018-1302

librelp

1.2.9-3

CVE-2018-1000140

linux

4.4.131-2

CVE-2018-1000026

CVE-2018-8822

CVE-2018-7757

CVE-2018-1094

CVE-2018-1092

CVE-2017-18255

CVE-2018-8897

rsync

3.1.3-1

CVE-2018-5764

28 June 2018 8815520

6.5 U2b

Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

patch 2.7.5-4

CVE-2018-6951

CVE-2018-1000156

unzip

6.0-9 CVE-2018-1000035
29 November 2018 10964411

6.5 U2d

(Security fixes for Photon OS are listed here.

For details on other fixes, click here)

linux 4.4.157-1

 

CVE-2018-10879

CVE-2018-13053

curl

7.59.0-3 CVE-2018-0500
python3 3.5.5-2

CVE-2018-1060

CVE-2018-1061

patch 2.7.5-5

CVE-2018-6952

ncurses 6.0-9

CVE-2018-10754

libmspack 0.5alpha-4

CVE-2017-6419

pcre 8.41-2

CVE-2017-11164

procps-ng 3.3.15-1

CVE-2018-1126

20 December 2018 11347054

6.5 U2e

(Security fixes for Photon OS)

rpm 4.13.0.2-1

CVE-2017-7500

elfutils 0.169-2

CVE-2018-16402

libxml2 2.9.8-2

CVE-2018-14404

systemd 228-48

CVE-2018-15688

21 March 2019  12863991

6.5 U2f

(Security fixes for photon OS)

systemd 228-49 CVE-2018-15686
libtirpc 1.0.1-5 CVE-2018-14621
30 May 2019  13834586

6.5 U2h

(Security fixes for photon OS)

systemd

228-52 CVE-2018-6954

linux

4.4.177-1 CVE-2019-7221

libxslt

1.1.29-5 CVE-2019-11068

gnutls

3.5.15-4 CVE-2019-3829

vSphere 6.5 Update 3

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

2 July 2019 14020092

6.5 U3

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

 

 Fuse

 2.9.5-3

CVE-2018-10906

Curl

     7.59.0-7

 CVE-2018-14618

  CVE-2018-16839

 paramiko

  1.17.6-2

 CVE-2018-1000805

 linux

  4.4.177-1

  4.4.182-1

CVE-2018-19824

CVE-2019-11477

 CVE-2019-11478

CVE-2019-11479

systemd

 

228-52

 

 CVE-2018-16865

  CVE-2018-16864

perl 

  5.24.1-4

CVE-2018-18313

CVE-2018-18311

CVE-2018-18312

CVE-2018-18314

python3

 3.5.6-4

CVE-2018-20406

rsyslog

8.15.0-9

 CVE-2018-16881

      PyYAML

         3.12-3

   CVE-2017-18342

     python-           requests

         2.9.1.2

   CVE-2018-18074

      python2

 

         2.7.15-5

 

   CVE-2018-14647

   CVE-2019-9948

   CVE-2019-9636

       glibc

          2.22-26

   CVE-2019-9169

     pycrypto

          2.6.1-5

   CVE-2018-6594

        glib

          2.47.6-3

   CVE-2018-16428

   CVE-2018-16429

        ruby

          2.5.3-1

   CVE-2018-16395

   CVE-2018-16396

        httpd

          2.4.39    CVE-2018-11763
25 July 2019 14156547

6.5 U3a

(Security fixes for Photon OS)

       wget

         1.20.3-1

 CVE-2019-5953

   CVE-2018-20483

27 August 2019

14389939

6.5 U3b

(Security fixes for Photon OS)

       bzip2            1.0.6-7    CVE-2019-12900
24 September 2019 14690228

6.5 U3c

(Security fixes for Photon OS)

unzip

6.0-11

  CVE-2019-13232
libxslt

1.1.29-6

  CVE-2019-13117 

 CVE-2019-13118

    libmspack

 0.7.1 alpha-2

CVE-2018-14682

 CVE-2018-14681

expat

2.2.4-2

CVE-2018-20843 
patch

2.7.5-6

CVE-2019-13638
linux

4.4.189-1

CVE-2019-11487

CVE-2018-20856

24 October 2019

14836121

6.5 U3d

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

linux

4.4.191-1

CVE-2019-15902

CVE-2016-10905

CVE-2019-10638

26 November 2019

15127636

6.5 U3e

(Security fixes for Photon OS)

sudo

1.8.20p2-2

CVE-2019-14287

bash

4.3.48-4

CVE-2012-6711

The above listed patches are cumulative. The content of the latest patch will accumulate the content from prior patches as well.