This document tracks the release of the monthly patches to the Photon Operating System bundled in the VMware vCenter Server Appliance.
You can download the deliverables from the VMware Patch Download Center.
IMPORTANT: vCenter Server Appliance 6.5 builds have been removed as of November 14, 2017 due to a deployment-impacting issue. This issue does not impact Windows installed vCenter Servers. To resolve this issue, you must upgrade to vCenter Server Appliance 6.5 Update 1c or later. For more information, see KB 51124.
Installation Steps
To apply the Photon OS security patches to the vCenter Server Appliance, you can use one of the methods.
- Deploy a new vCenter Server Appliance by using either the GUI or the CLI installer.
For information about doing a fresh install of the vCenter Server Appliance, see Deploying the vCenter Server Appliance and Platform Services Controller Appliance.
- Upgrade to the version of the vCenter Server Appliance containing the latest Photon OS security patches by using either the GUI or the CLI installer.
For information about upgrading the vCenter Server Appliance, see Upgrading the vCenter Server Appliance and Platform Services Controller Appliance.
- Patch the appliance either by using the appliance shell or the Appliance Management Interface.
IMPORTANT: You can update the vCenter Server Appliance with Photon OS patches released within one and the same Update release.
If you try to update the vCenter Server Appliance directly from an unsupported base version of 6.5 to the current Photon OS patch version, by using the vCenter Server Appliance Management Interface, the process fails. This is expected, but the error message that you see is a generic one. To see the correct error message, check the log files.
This means if you have updated to a version that is released right after vSphere 6.5 Update 2, you cannot directly apply a Photon OS patch that is released after vSphere 6.5 Update 3. You must first update the vCenter Server Appliance to version 6.5 Update 3 and then apply the selected Photon OS patch to the appliance.
For information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.
-
Perform a file-based backup and restore where in the restore process you deploy a new appliance containing the latest Photon OS security patches..
For information performing a file-based backup and restore of the vCenter Server Appliance, see File-Based Backup and Restore of vCenter Server Appliance.
- Migrate a vCenter Server on Windows instance to a version of the vCenter Server Appliance containing the latest Photon OS security patches.
For information about performing a migration of vCenter Server on Windows to vCenter Server Appliance, see Migrating vCenter Server for Windows to vCenter Server Appliance.
Upgrade Notes
Upgrade from vCenter Server 6.5 Update 3f to 6.7 Update 3 is not supported.
Important: Upgrades and migrations from vCenter Server 6.5 Update 3k to vCenter Server 6.7 Update 3i and vCenter Server 7.0.0c are not supported. For more information on vCenter Server supported upgrade and migration paths, please refer to VMware knowledge base article 67077.
vCenter Server Appliance Photon OS Security Patches
vSphere 6.5 Update 1
| Release Date |
Build Number |
Patch Name |
Affected Package |
New Package Versions |
CVEs Addressed |
|---|---|---|---|---|---|
| 21 September 2017 |
6671409 |
6.5 U1a |
httpd |
2.4.27-1 |
|
| pycrypto |
2.7a1-3 |
||||
| linux |
4.4.79-1 |
||||
| ncurses |
6.0-5 |
||||
| 26 October 2017 |
6816762 |
6.5 U1b For details on other fixes, click here) |
ruby |
2.4.0-5 |
CVE-2017-9224 |
| rsyslog |
8.15.0-6 |
||||
| linux |
4.4.82-1 |
||||
| shadow |
4.2.1-11 |
||||
| 19 December 2017 |
7312210 |
6.5 U1d This release also addresses all relevant moderate security issues in Photon OS before PHSA-2017-0037. For details on other fixes, click here) |
linux |
4.4.88-1 |
|
| dnsmasq |
2.76-2 |
CVE-2017-14491 |
|||
| perl |
5.22.1-5 |
||||
| ruby |
2.4.2-1 |
||||
| 15 February 2018 |
7801515 |
6.5 U1f (Security fixes for Photon OS) |
linux |
4.4.110-2 |
|
| libgcrypt |
1.7.6-3 |
||||
| c-ares |
1.12.0-2 |
||||
| ncurses |
6.0-8 |
||||
| libtasn1 |
4.12-1 |
||||
| wget |
1.18-3 |
||||
| procmail |
3.22-4 |
||||
| rsync |
3.1.2-4 |
||||
| apr |
1.5.2-7 |
||||
| 20 March 2018 |
8024368 |
6.5 U1g (Security fixes for Photon OS are listed here. For details on other fixes, click here) |
linux |
4.4.115-1 |
|
| libtasn1 |
4.13-1 |
||||
| dnsmasq |
2.76-5 |
vSphere 6.5 Update 2
| Release Date |
Build Number |
Patch Name |
Affected Package |
New Package Versions |
CVEs Addressed |
|---|---|---|---|---|---|
| 3 May 2018 |
8307201 |
6.5 U2 (Security fixes for Photon OS are listed here. This release also addresses all relevant moderate security issues in Photon OS before PHSA-2018-1.0-0109. For details on other fixes, click here) |
glibc |
2.22-18 |
|
| tdnf |
1.1.0-3 |
||||
| curl |
7.58.0-1 |
||||
| ruby |
2.4.3-2 |
||||
| python2 |
2.7.13-4 |
||||
| python-rpm |
4.13.0.1-4 |
||||
| rpm |
4.13.0.1-4 |
||||
| krb5 |
1.16-1 |
||||
| 31 May 2018 |
8667236 |
6.5 U2a (Security fixes for Photon OS) |
systemd |
228-45 |
|
| nettle |
3.3-1 |
||||
| patch |
2.7.5-3 |
||||
| httpd |
2.4.33-1 |
||||
| librelp |
1.2.9-3 |
||||
| linux |
4.4.131-2 |
||||
| rsync |
3.1.3-1 |
||||
| 28 June 2018 |
8815520 |
6.5 U2b Security fixes for Photon OS are listed here. For details on other fixes, click here) |
patch |
2.7.5-4 |
|
| unzip |
6.0-9 |
||||
| 29 November 2018 |
10964411 |
6.5 U2d (Security fixes for Photon OS are listed here. For details on other fixes, click here) |
linux |
4.4.157-1 |
|
| curl |
7.59.0-3 |
||||
| python3 |
3.5.5-2 |
||||
| patch |
2.7.5-5 |
||||
| ncurses |
6.0-9 |
||||
| libmspack |
0.5alpha-4 |
||||
| pcre |
8.41-2 |
||||
| procps-ng |
3.3.15-1 |
||||
| 20 December 2018 |
11347054 |
6.5 U2e (Security fixes for Photon OS) |
rpm |
4.13.0.2-1 |
|
| elfutils |
0.169-2 |
||||
| libxml2 |
2.9.8-2 |
||||
| systemd |
228-48 |
||||
| 21 March 2019 |
12863991 |
6.5 U2f (Security fixes for photon OS) |
systemd |
228-49 |
|
| libtirpc |
1.0.1-5 |
||||
| 30 May 2019 |
13834586 |
6.5 U2h (Security fixes for photon OS) |
systemd |
228-52 |
|
| linux |
4.4.177-1 |
||||
| libxslt |
1.1.29-5 |
||||
| gnutls |
3.5.15-4 |
vSphere 6.5 Update 3
| Release Date |
Build Number |
Patch Name |
Affected Package |
New Package Versions |
CVEs Addressed |
|---|---|---|---|---|---|
| 2 July 2019 |
14020092 |
6.5 U3 (Security fixes for Photon OS are listed here. For details on other fixes, click here)
|
Fuse |
2.9.5-3 |
|
| Curl |
7.59.0-7 |
||||
| paramiko |
1.17.6-2 |
||||
| linux |
4.4.177-1 4.4.182-1 |
||||
| systemd |
228-52
|
||||
| perl |
5.24.1-4 |
||||
| python3 |
3.5.6-4 |
||||
| rsyslog |
8.15.0-9 |
||||
| PyYAML |
3.12-3 |
||||
| python- requests |
2.9.1.2 |
||||
| python2 |
2.7.15-5
|
||||
| glibc |
2.22-26 |
||||
| pycrypto |
2.6.1-5 |
||||
| glib |
2.47.6-3 |
||||
| ruby |
2.5.3-1 |
||||
| httpd |
2.4.39 |
||||
| 25 July 2019 |
14156547 |
6.5 U3a (Security fixes for Photon OS) |
wget |
1.20.3-1 |
|
| 27 August 2019 |
14389939 |
6.5 U3b (Security fixes for Photon OS) |
bzip2 |
1.0.6-7 |
|
| 24 September 2019 |
14690228 |
6.5 U3c (Security fixes for Photon OS) |
unzip |
6.0-11 |
|
| libxslt |
1.1.29-6 |
||||
| libmspack |
0.7.1 alpha-2 |
||||
| expat |
2.2.4-2 |
||||
| patch |
2.7.5-6 |
||||
| linux |
4.4.189-1 |
||||
| 24 October 2019 |
14836121 |
6.5 U3d (Security fixes for Photon OS are listed here. For details on other fixes, click here) |
linux |
4.4.191-1 |
|
| 26 November 2019 |
15127636 |
6.5 U3e (Security fixes for Photon OS) |
sudo |
1.8.20p2-2 |
|
| bash |
4.3.48-4 |
||||
| 19 December 2019 |
15259038 |
6.5 U3f (Security fixes for Photon OS are listed here. For details on other fixes, click here) |
sqlite-autoconf |
3.27.2-3 |
|
| linux |
4.4.193-1 |
||||
| systemd |
228-56 |
||||
| glib |
2.58.3-1 |
||||
| curl |
7.59.0-8 |
||||
| vim |
7.4-12 |
||||
| python3 |
3.5.6-10 |
||||
| postgresql |
9.6.14-1 |
||||
| python2 |
2.7.15-10 |
||||
| gettext |
0.19.5.1-6 |
||||
| tar |
1.29-4 |
||||
| 30 January 2020 |
15505374 |
6.5 U3g (Security fixes for Photon OS) |
dhcp |
4.3.5-5 |
|
| libxslt |
1.1.29-7 |
||||
| tcpdump |
4.9.3-1 |
|
|||
| 27 February 2020 |
15679215 |
6.5 U3h (Security fixes for Photon OS) |
libxslt |
1.1.29-8 |
|
| systat |
12.2.0-1 |
||||
| 26 March 2020 |
15808842 |
6.5 U3i (Security fixes for Photon OS) |
libsolv |
0.6.19-7 |
|
| xerces-c |
3.2.2-1 |
||||
| libxml2 |
2.9.10-2 |
||||
| cpio |
2.12-3 |
||||
| 28 May 2020 |
16275158 |
6.5 U3j (Security fixes for Photon OS) |
unzip |
6.0-12 |
|
| gdb |
7.8.2-10 |
||||
| 30 July 2020 |
16613358 |
6.5 U3k (Security fixes for Photon OS are listed here. For details on other fixes, click here) |
file |
5.38-1 |
|
| python2 |
2.7.15-16 |
||||
| linux |
4.4.221-3 |
||||
| PyYAML |
3.12-5 |
||||
| ruby |
2.5.8-1 |
||||
| bash |
4.3.48-5 |
||||
| ncurses |
6.0-10 |
||||
| cyrus-sasl |
2.1.26-12 |
||||
| bindutils |
9.15.6-1 |
||||
| sqlite-autoconf |
3.31.1-3 |
||||
| httpd |
2.4.43-1 |
||||
| systemd |
228-59 |
||||
| ntp |
4.2.8p14-1 |
||||
| openldap |
2.4.43-4 |
||||
| vim |
7.4-13 |
||||
| python3 |
3.5.6-13 |
||||
| libpcap |
1.9.1-1 |
||||
| perl |
5.24.1-6 |
||||
| 25 August 2020 |
16764584 |
6.5 U3l (Security fixes for Photon OS) |
atftp |
0.7.1-9 |
|
| 22 October 2020 |
17027909 |
6.5 U3m (Security fixes for Photon OS) |
libxml2 |
2.9.10-3 |
|
| 23 February 2021 |
17590285 |
6.5 U3n (Security fixes for Photon OS are listed here. For details on other fixes, click here) |
bindutils |
9.16.6-1 |
|
| sqlite-autoconf |
3.32.1-2 |
||||
| json-c |
0.13.1-1 |
||||
| nodejs |
2.58.3-2 |
||||
| glibc |
2.22-30 |
||||
| expat |
2.2.9-1 |
||||
| openssh |
7.4p1-12 |
||||
| systemd |
228.60 |
||||
| linux |
4.4.243-1 |
||||
| python3 |
3.5.6-14 |
||||
| pcre |
8.44-1 |
||||
| python2 |
2.7.15-17 |
||||
| gnutls |
3.6.15-1 |
||||
| cifs-utils |
6.4-3 |
||||
| 23 March 2021 | 17720264 | 6.5 U3o (Security fixes for Photon OS) |
atftp | 0.7.1-10 | |
| sudo | 1.9.5-2 |
CVE-2021-3156 | |||
| 12 October 2021 |
18711281 |
6.5 U3r (Security fixes for Photon OS are listed here. For details on other fixes, click here) |
linux |
4.4.276-1 |
|
| curl |
7.78.0-1 |
||||
| openldap |
2.4.57-2 |
||||
| sudo |
1.9.5-2 |
||||
| dnsmasq |
2.82-1 |
||||
| atftp |
0.7.1-10 |
||||
| glibc |
2.22-37 |
||||
| perl |
5.24.1-6 |
||||
| glib |
2.58.3-4 |
||||
| PyYMAL |
3.12-6 |
||||
| nss |
3.44-4 |
||||
| httpd |
2.4.48-1 |
||||
| 08 February 2022 | 19261680 | 6.5 U3s (Security fixes for Photon OS are listed here. For details on other fixes, click here) |
httpd | 2.4.51-1 |
CVE-2021-40438 |
| 12 May 2022 |
19757181 |
6.5 U3t (Security fixes for Photon OS are listed here. For details on other fixes, click here) |
cpio |
2.13-1 |
|
| glibc |
2.22-38 |
||||
| util-linux |
2.27.1-7 |
||||
| nettle |
3.7.2-2 |
||||
| c-ares |
1.16.1-2 |
||||
| python3 |
1.8.2-3 |
||||
| linux |
4.4.274-2 |
||||
| httpd |
2.4.48-3 |
||||
| binutils |
2.32-6 |
||||
| apache |
2.4.51-1 |
||||
| atftp |
0.7.1-11 |
||||
| python-urllib3 |
1.25.11-2 |
||||
| zlib |
1.2.8-5 |
||||
| xmlsec-java |
1.2.26-3 |
||||
| python-requests |
2.13.0-2 |
||||
| pycrypto |
2.7a1-3 |
||||
| openssl |
1.0.2za-1 |
||||
| rubygem-nokogiri |
1.12.5-1 |
||||
| nss |
3.44-5 |
||||
| ncurses |
6.0-11 |
||||
| linux linux-esx |
4.4.299-2 |
||||
| expat |
2.2.9-3 |
||||
| curl |
7.78.0-2 |
||||
| cloud-init |
0.7.9-7 |
||||
| 6 October 2022 |
20510539 |
6.5 U3u (Security fixes for Photon OS are listed here. For details on other fixes, click here) |
c-ares |
1.18.1-1 |
|
| cyrus-sasl |
2.1.26-13 |
||||
| expat |
2.2.9-8 |
||||
| httpd |
2.4.54-1 |
||||
| libgcrypt |
1.7.6-8 |
||||
| libxml2 |
2.9.11-3 |
||||
| linux |
4.4.302-2 |
CVE-2022-20166 CVE-2022-20154 CVE-2022-20148 CVE-2022-1998 CVE-2022-32296 CVE-2022-1943 CV-2022-1966 CVE-2022-1789 CVE-2022-1786 CVE-2022-1678 CVE-2022-29581 CVE-2022-1734 CVE-2022-30594 CVE-2021-6401 CVE-2022-29968 CVE-2022-29582 CVE-2022-20008 CVE-2022-28796 CVE-2022-1419 CVE-2022-1353 CVE-2022-2889 CVE-2022-1280 CVE-2021-0707 CVE-2022-28356 CVE-2021-33061 CVE-2021-39714 CVE-2022-1015 CVE-2022-0494 CVE-022-0854 CVE-2022-0742 CVE-2021-39711 CVE-2022-1011 CVE-2022-0995 CVE-2021-4023 CVE-2022-23222 CVE-2022-2690 CVE-2022-23960 CVE-2022-23042 CVE-2022-23041 CVE-2022-23040 CVE-2022-23039 CVE-2022-23038 CVE-2022-2303 CVE-2022-23036 CVE-2022-0500 CVE-2021-39713 CVE-2022-0002 CVE-2022-0001 CVE-2022-0617 CVE-2022-24958 CVE-022-24448 CVE-2021-4148 CVE-2022-0492 CVE-2021-4197 CVE-2021-4150 CVE-2021-4149 CVE-2021-39633 CVE-2021-3936 CVE-2021-39656 CVE-2021-39648 CVE-2021-33098 CVE-2021-0941 CVE-2021-20317 CVE-2021-35477 CVE-2021-34556 CVE-2020-26145 CVE-2020-26141 CVE-2020-12362 CVE-2021-29155 CVE-2021-28951 CVE-2020-12364 CVE-2020-12363 CVE-2015-1350 CVE-2020-8832 CVE-2015-2877 CVE-2018-13095 CVE-2016-10723 CVE-2020-12655 |
|||
| openldap |
2.4.57-3 |
||||
| openssl |
1.0.2zc-1 |
||||
| audit |
2.5.2-3 |
||||
| bindutils |
9.16.27-1 |
CVE-2021-45078 |
The above listed patches are cumulative. The content of the latest patch will accumulate the content from prior patches as well.
