This site will be decommissioned on December 31st 2024. After that date content will be available at techdocs.broadcom.com.

This document tracks the release of the monthly patches to the Photon Operating System bundled in the VMware vCenter Server Appliance.

You can download the deliverables from the VMware Patch Download Center.

IMPORTANT: vCenter Server Appliance 6.5 builds have been removed as of November 14, 2017 due to a deployment-impacting issue. This issue does not impact Windows installed vCenter Servers. To resolve this issue, you must upgrade to vCenter Server Appliance 6.5 Update 1c or later. For more information, see KB 51124.

Installation Steps

To apply the Photon OS security patches to the vCenter Server Appliance, you can use one of the methods.

  • Deploy a new vCenter Server Appliance by using either the GUI or the CLI installer.

    For information about doing a fresh install of the vCenter Server Appliance, see Deploying the vCenter Server Appliance and Platform Services Controller Appliance.

  • Upgrade to the version of the vCenter Server Appliance containing the latest Photon OS security patches by using either the GUI or the CLI installer.

    For information about upgrading the vCenter Server Appliance, see Upgrading the vCenter Server Appliance and Platform Services Controller Appliance.

  • Patch the appliance either by using the appliance shell or the Appliance Management Interface.

    IMPORTANT: You can update the vCenter Server Appliance with Photon OS patches released within one and the same Update release. 

    If you try to update the vCenter Server Appliance directly from an unsupported base version of 6.5 to the current Photon OS patch version, by using the vCenter Server Appliance Management Interface, the process fails. This is expected, but the error message that you see is a generic one. To see the correct error message, check the log files.

    This means if you have updated to a version that is released right after vSphere 6.5 Update 2, you cannot directly apply a Photon OS patch that is released after vSphere 6.5 Update 3. You must first update the vCenter Server Appliance to version 6.5 Update 3 and then apply the selected Photon OS patch to the appliance.

    For information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

  • Perform a file-based backup and restore where in the restore process you deploy a new appliance containing the latest Photon OS security patches..

    For information performing a file-based backup and restore of the vCenter Server Appliance, see File-Based Backup and Restore of vCenter Server Appliance.

  • Migrate a vCenter Server on Windows instance to a version of the vCenter Server Appliance containing the latest Photon OS security patches.

    For information about performing a migration of vCenter Server on Windows to vCenter Server Appliance, see Migrating vCenter Server for Windows to vCenter Server Appliance.

Upgrade Notes

Upgrade from vCenter Server 6.5 Update 3f to 6.7 Update 3 is not supported.
Important: Upgrades and migrations from vCenter Server 6.5 Update 3k to vCenter Server 6.7 Update 3i and vCenter Server 7.0.0c are not supported. For more information on vCenter Server supported upgrade and migration paths, please refer to VMware knowledge base article 67077.

vCenter Server Appliance Photon OS Security Patches

vSphere 6.5 Update 1

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

21 September 2017

6671409

6.5 U1a
(Security fixes for Photon OS)

httpd

2.4.27-1

CVE-2017-3167
CVE-2017-9788
CVE-2017-9789

pycrypto

2.7a1-3

CVE-2013-7459

linux

4.4.79-1

CVE-2017-11176
CVE-2017-11473
CVE-2017-7541

ncurses

6.0-5

CVE-2017-10684
CVE-2017-10685

26 October 2017

6816762

6.5 U1b
(Security fixes for Photon OS are listed here.

For details on other fixes, click here)

ruby

2.4.0-5

CVE-2017-9224
CVE-2017-9225
CVE-2017-9227
CVE-2017-9228
CVE-2017-9229

rsyslog

8.15.0-6

CVE-2017-12588

linux

4.4.82-1

CVE-2017-1000112
CVE-2017-7533
CVE-2017-7542
CVE-2017-10911

shadow

4.2.1-11

CVE-2017-12424

19 December 2017

7312210

6.5 U1d
(Security fixes for Photon OS are listed here.

This release also addresses all relevant moderate security issues in Photon OS before PHSA-2017-0037.

For details on other fixes, click here)

linux

4.4.88-1

CVE-2017-11600
CVE-2017-14340

dnsmasq

2.76-2

CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496

perl

5.22.1-5

CVE-2017-12883
CVE-2017-12837

ruby

2.4.2-1

CVE-2017-0898

15 February 2018

7801515

6.5 U1f

(Security fixes for Photon OS)

linux

4.4.110-2

CVE-2017-11472

CVE-2017-12154

CVE-2017-15265

CVE-2017-15649

CVE-2017-15951

CVE-2017-15115

CVE-2017-5753

CVE-2017-5754

CVE-2017-8824

CVE-2017-17448

CVE-2017-17450

CVE-2017-16939

libgcrypt

1.7.6-3

CVE-2017-0379

c-ares

1.12.0-2

CVE-2017-1000381

ncurses

6.0-8

CVE-2017-13728

CVE-2017-16879 

libtasn1

4.12-1

CVE-2017-10790

wget

1.18-3

CVE-2017-13090

CVE-2017-13089

procmail

3.22-4

CVE-2017-16844

rsync

3.1.2-4

CVE-2017-16548

CVE-2017-17433

CVE-2017-17434

apr

1.5.2-7

 CVE-2017-12613

20 March 2018

8024368

6.5 U1g

(Security fixes for Photon OS are listed here.

For details on other fixes, click here)

linux

4.4.115-1

CVE-2018-5344

libtasn1

4.13-1

CVE-2018-6003

dnsmasq

2.76-5

CVE-2017-15107

vSphere 6.5 Update 2

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

3 May 2018

8307201

6.5 U2

(Security fixes for Photon OS are listed here.

This release also addresses all relevant moderate security issues in Photon OS before PHSA-2018-1.0-0109.

For details on other fixes, click here)

glibc

2.22-18

CVE-2017-15670

CVE-2017-15804

CVE-2015-5180

CVE-2016-5417

CVE-2017-16997

tdnf

1.1.0-3

CVE-2017-7501

curl

7.58.0-1

CVE-2017-1000254

CVE-2017-1000257

CVE-2017-8818

ruby

2.4.3-2

CVE-2017-17405

CVE-2017-17790

python2

2.7.13-4

CVE-2017-1000158

python-rpm

4.13.0.1-4

CVE-2017-7501

rpm

4.13.0.1-4

CVE-2017-7501

krb5

1.16-1

CVE-2017-11462

CVE-2017-15088

31 May 2018

8667236

6.5 U2a

(Security fixes for Photon OS)

systemd

228-45

CVE-2017-18078

nettle

3.3-1

CVE-2016-6489

patch

2.7.5-3

CVE-2018-6951

httpd

2.4.33-1

CVE-2018-1303

CVE-2017-15715

CVE-2017-15710

CVE-2018-1301

CVE-2018-1302

librelp

1.2.9-3

CVE-2018-1000140

linux

4.4.131-2

CVE-2018-1000026

CVE-2018-8822

CVE-2018-7757

CVE-2018-1094

CVE-2018-1092

CVE-2017-18255

CVE-2018-8897

rsync

3.1.3-1

CVE-2018-5764

28 June 2018

8815520

6.5 U2b

Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

patch

2.7.5-4

CVE-2018-6951

CVE-2018-1000156

unzip

6.0-9

CVE-2018-1000035

29 November 2018

10964411

6.5 U2d

(Security fixes for Photon OS are listed here.

For details on other fixes, click here)

linux

4.4.157-1

 

CVE-2018-10879

CVE-2018-13053

curl

7.59.0-3

CVE-2018-0500

python3

3.5.5-2

CVE-2018-1060

CVE-2018-1061

patch

2.7.5-5

CVE-2018-6952

ncurses

6.0-9

CVE-2018-10754

libmspack

0.5alpha-4

CVE-2017-6419

pcre

8.41-2

CVE-2017-11164

procps-ng

3.3.15-1

CVE-2018-1126

20 December 2018

11347054

6.5 U2e

(Security fixes for Photon OS)

rpm

4.13.0.2-1

CVE-2017-7500

elfutils

0.169-2

CVE-2018-16402

libxml2

2.9.8-2

CVE-2018-14404

systemd

228-48

CVE-2018-15688

21 March 2019 

12863991

6.5 U2f

(Security fixes for photon OS)

systemd

228-49

CVE-2018-15686

libtirpc

1.0.1-5

CVE-2018-14621

30 May 2019 

13834586

6.5 U2h

(Security fixes for photon OS)

systemd

228-52

CVE-2018-6954

linux

4.4.177-1

CVE-2019-7221

libxslt

1.1.29-5

CVE-2019-11068

gnutls

3.5.15-4

CVE-2019-3829

vSphere 6.5 Update 3

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

2 July 2019

14020092

6.5 U3

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

 

 Fuse

 2.9.5-3

CVE-2018-10906

Curl

     7.59.0-7

 CVE-2018-14618

  CVE-2018-16839

 paramiko

  1.17.6-2

 CVE-2018-1000805

 linux

  4.4.177-1

  4.4.182-1

CVE-2018-19824

CVE-2019-11477

 CVE-2019-11478

CVE-2019-11479

systemd

 

228-52

 

 CVE-2018-16865

  CVE-2018-16864

perl 

  5.24.1-4

CVE-2018-18313

CVE-2018-18311

CVE-2018-18312

CVE-2018-18314

python3

 3.5.6-4

CVE-2018-20406

rsyslog

8.15.0-9

 CVE-2018-16881

      PyYAML

         3.12-3

   CVE-2017-18342

     python-           requests

         2.9.1.2

   CVE-2018-18074

      python2

 

         2.7.15-5

 

   CVE-2018-14647

   CVE-2019-9948

   CVE-2019-9636

       glibc

          2.22-26

   CVE-2019-9169

     pycrypto

          2.6.1-5

   CVE-2018-6594

        glib

          2.47.6-3

   CVE-2018-16428

   CVE-2018-16429

        ruby

          2.5.3-1

   CVE-2018-16395

   CVE-2018-16396

        httpd

          2.4.39

   CVE-2018-11763

25 July 2019

14156547

6.5 U3a

(Security fixes for Photon OS)

       wget

         1.20.3-1

 CVE-2019-5953

   CVE-2018-20483

27 August 2019

14389939

6.5 U3b

(Security fixes for Photon OS)

       bzip2

           1.0.6-7

   CVE-2019-12900

24 September 2019

14690228

6.5 U3c

(Security fixes for Photon OS)

unzip

6.0-11

  CVE-2019-13232

libxslt

1.1.29-6

  CVE-2019-13117 

 CVE-2019-13118

    libmspack

 0.7.1 alpha-2

CVE-2018-14682

 CVE-2018-14681

expat

2.2.4-2

CVE-2018-20843 

patch

2.7.5-6

CVE-2019-13638

linux

4.4.189-1

CVE-2019-11487

CVE-2018-20856

24 October 2019

14836121

6.5 U3d

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

linux

4.4.191-1

CVE-2019-15902

CVE-2016-10905

CVE-2019-10638

26 November 2019

15127636

6.5 U3e

(Security fixes for Photon OS)

sudo

1.8.20p2-2

CVE-2019-14287

bash

4.3.48-4

CVE-2012-6711

19 December 2019

15259038

6.5 U3f

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

sqlite-autoconf

3.27.2-3

CVE-2019-8457

CVE-2019-9937

CVE-2019-9936

linux

4.4.193-1

CVE-2019-14835

systemd

228-56

CVE-2019-3842

glib

2.58.3-1

CVE-2019-12450

CVE-2019-13012

curl

7.59.0-8

CVE-2019-5436

vim

7.4-12

 CVE-2019-12735

python3

3.5.6-10

CVE-2019-10160

postgresql

9.6.14-1

CVE-2019-10164

python2

2.7.15-10

CVE-2019-16056

gettext

0.19.5.1-6

CVE-2018-18751

tar

1.29-4

CVE-2019-9923

 CVE-2016-6321

30 January 2020

15505374

6.5 U3g

(Security fixes for Photon OS)

dhcp

4.3.5-5

CVE-2018-5732

libxslt

1.1.29-7

CVE-2019-18197

tcpdump

4.9.3-1

 

CVE-2018-16227

CVE-2018-14466

 CVE-2018-14462

CVE-2018-14469

CVE-2018-10103

CVE-2018-14882

 CVE-2018-14463

CVE-2019-15166

CVE-2018-14461

CVE-2018-10105

CVE-2018-14879

CVE-2018-16301

CVE-2018-14470

 CVE-2018-16451

CVE-2018-14467

 CVE-2018-14881

 CVE-2018-16229

 CVE-2018-16228

 CVE-2018-16230

CVE-2018-14880

CVE-2018-14465 

CVE-2018-14468

CVE-2018-14464

CVE-2018-16300

CVE-2018-16452

 

27 February 2020

15679215

6.5 U3h

(Security fixes for Photon OS)

libxslt

1.1.29-8

CVE-2019-5815 

systat

12.2.0-1

CVE-2019-19725 

26 March 2020

15808842

6.5 U3i

(Security fixes for Photon OS)

libsolv

0.6.19-7

CVE-2019-20387

xerces-c

3.2.2-1

CVE-2018-1311

libxml2

2.9.10-2

CVE-2020-7595

CVE-2019-19956

CVE-2019-20388

cpio

2.12-3

 CVE-2019-14866

28 May 2020

16275158

6.5 U3j

(Security fixes for Photon OS)

unzip

6.0-12

CVE-2014-8139

 CVE-2014-8141 

CVE-2014-8140

gdb

7.8.2-10

CVE-2019-1010180

30 July 2020

16613358

6.5 U3k

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

file

5.38-1

CVE-2019-18218

CVE-2019-8904

python2

2.7.15-16

CVE-2019-5010

CVE-2019-17514

CVE-2020-8492

linux

4.4.221-3

CVE-2019-19066

CVE-2019-16233

CVE-2020-11565

CVE-2020-11668

CVE-2019-19319

CVE-2020-12464

PyYAML

3.12-5

CVE-2019-20477

CVE-2020-1747

ruby

2.5.8-1

CVE-2020-10663

CVE-2020-10933

bash

4.3.48-5

CVE-2019-18276

ncurses

6.0-10

CVE-2019-17594

cyrus-sasl

2.1.26-12

CVE-2019-19906

bindutils

9.15.6-1

CVE-2019-6470

sqlite-autoconf

3.31.1-3

CVE-2020-11655

httpd

2.4.43-1

CVE-2020-1934

systemd

228-59

CVE-2019-20386

CVE-2020-13776

ntp

4.2.8p14-1

CVE-2020-11868

openldap

2.4.43-4

CVE-2020-12243

vim

7.4-13

CVE-2019-20807

python3

3.5.6-13

CVE-2019-17514

libpcap

1.9.1-1

CVE-2019-15163

perl

5.24.1-6

CVE-2020-10878

25 August 2020

 16764584

6.5 U3l

(Security fixes for Photon OS)

atftp

0.7.1-9

CVE-2019-11365 

CVE-2019-11366

 

22 October 2020

17027909

6.5 U3m

(Security fixes for Photon OS)

libxml2

2.9.10-3

 CVE-2020-24977

23 February 2021

17590285

6.5 U3n

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

bindutils

9.16.6-1

CVE-2020-8617

CVE-2020-8616

sqlite-autoconf

3.32.1-2

CVE-2020-13631

CVE-2020-13632

CVE-2020-13434

CVE-2020-13435

json-c

0.13.1-1

CVE-2020-12762

nodejs

2.58.3-2

CVE-2018-0734

glibc

2.22-30

CVE-2020-1752

expat

2.2.9-1

CVE-2019-15903

openssh

7.4p1-12

CVE-2020-12062

systemd

228.60

CVE-2020-13776

linux

4.4.243-1

CVE-2020-13974 

CVE-2020-10732

python3

3.5.6-14

CVE-2020-8492

CVE-2019-18348

pcre

8.44-1

CVE-2020-14155

CVE-2019-20838

python2

2.7.15-17

CVE-2019-20907

gnutls

3.6.15-1

CVE-2020-11501

cifs-utils

6.4-3

CVE-2020-14342

23 March 2021 17720264 

6.5 U3o

(Security fixes for Photon OS)

atftp 0.7.1-10

CVE-2020-6097

sudo

1.9.5-2

CVE-2021-3156

12 October 2021

18711281

6.5 U3r

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

linux

4.4.276-1

CVE-2021-33909

curl

7.78.0-1

CVE-2021-22925

CVE-2021-22924

openldap

2.4.57-2

CVE-2021-27212

sudo

1.9.5-2

CVE-2021-3156

dnsmasq

2.82-1

CVE-2020-25681

CVE-2020-25682

atftp

0.7.1-10

CVE-2020-6097

glibc

2.22-37

CVE-2021-35942

perl

5.24.1-6

CVE-2020-10878

CVE-2020-12723

glib

2.58.3-4

CVE-2021-28153

PyYMAL

3.12-6

CVE-2020-14343

nss

3.44-4

CVE-2020-12403

httpd

2.4.48-1

CVE-2021-26691

08 February 2022 19261680

6.5 U3s

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

 httpd

2.4.51-1

CVE-2021-40438

12 May 2022

19757181

6.5 U3t

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

 cpio

2.13-1

CVE-2021-38185

glibc

2.22-38

CVE-2021-38604

util-linux

2.27.1-7

CVE-2021-37600

nettle

3.7.2-2

CVE-2021-3580

c-ares

1.16.1-2

CVE-2021-3672

python3

1.8.2-3

CVE-2017-12852

linux

4.4.274-2

CVE-2021-33909

httpd

2.4.48-3

CVE-2021-40438

binutils

2.32-6

CVE-2021-45078

apache

2.4.51-1

CVE-2021-44790

CVE-2021-44224

atftp

0.7.1-11

CVE-2021-41054

python-urllib3

1.25.11-2

CVE-2021-33503

zlib

1.2.8-5

CVE-2016-9840

 xmlsec-java

1.2.26-3

CVE-2021-40690

python-requests

2.13.0-2

CVE-2018-18074

pycrypto

2.7a1-3

CVE-2013-7459

openssl

1.0.2za-1

CVE-2021-3712

rubygem-nokogiri

1.12.5-1

CVE-2019-5477

nss

3.44-5

CVE-2021-43527

ncurses

6.0-11

CVE-2021-39537

linux

linux-esx

4.4.299-2

CVE-2021-3653

CVE-2021-0929

expat

2.2.9-3

CVE-2022-22824

curl

7.78.0-2

CVE-2021-22945

cloud-init

0.7.9-7

CVE-2018-10896

6 October 2022

20510539

6.5 U3u

(Security fixes for Photon OS are listed  here.

For details on other fixes, click here)

c-ares

1.18.1-1

CVE-2020-8277

CVE-2021-3672

cyrus-sasl

2.1.26-13

CVE-2022-24407

expat

2.2.9-8

CVE-2022-25235

CVE-2022-25236

CVE-2022-25315

CVE-2022-25314

CVE-2022-25313

httpd

2.4.54-1

CVE-2022-31813

CVE-2022-28615

libgcrypt

1.7.6-8

CVE-2021-40528 

CVE-2018-6829

libxml2

2.9.11-3

CVE-2022-29824 

CVE-2022-23308

linux

4.4.302-2

CVE-2022-20153

CVE-2022-20166

CVE-2022-20154

CVE-2022-20148

CVE-2022-1998

CVE-2022-32296

CVE-2022-1943

CV-2022-1966

CVE-2022-1789

CVE-2022-1786

CVE-2022-1678

CVE-2022-29581

CVE-2022-1734

CVE-2022-30594

CVE-2021-6401

CVE-2022-29968

CVE-2022-29582

CVE-2022-20008

CVE-2022-28796

CVE-2022-1419

CVE-2022-1353

CVE-2022-2889

CVE-2022-1280

CVE-2021-0707

CVE-2022-28356

CVE-2021-33061

CVE-2021-39714

CVE-2022-1015

CVE-2022-0494

CVE-022-0854

CVE-2022-0742

CVE-2021-39711

CVE-2022-1011

CVE-2022-0995

CVE-2021-4023

CVE-2022-23222

CVE-2022-2690

CVE-2022-23960

CVE-2022-23042

CVE-2022-23041

CVE-2022-23040

CVE-2022-23039

CVE-2022-23038

CVE-2022-2303

CVE-2022-23036

CVE-2022-0500

CVE-2021-39713

CVE-2022-0002

CVE-2022-0001

CVE-2022-0617

CVE-2022-24958

CVE-022-24448

CVE-2021-4148

CVE-2022-0492

CVE-2021-4197

CVE-2021-4150

CVE-2021-4149

CVE-2021-39633

CVE-2021-3936

CVE-2021-39656

CVE-2021-39648

CVE-2021-33098

CVE-2021-0941

CVE-2021-20317

CVE-2021-35477

CVE-2021-34556

CVE-2020-26145

CVE-2020-26141

CVE-2020-12362

CVE-2021-29155

CVE-2021-28951

CVE-2020-12364

CVE-2020-12363

CVE-2015-1350

CVE-2020-8832

CVE-2015-2877

CVE-2018-13095

CVE-2016-10723

CVE-2020-12655

CVE-2019-19036

openldap

2.4.57-3

CVE-2022-29155

openssl

1.0.2zc-1

CVE-2022-1292
CVE-2022-0778
CVE-2021-4160

audit

2.5.2-3

CVE-2022-24921

bindutils

9.16.27-1

CVE-2021-45078

The above listed patches are cumulative. The content of the latest patch will accumulate the content from prior patches as well.

check-circle-line exclamation-circle-line close-line
Scroll to top icon