check-circle-line exclamation-circle-line close-line

VMware ESXi 6.7, Patch Release ESXi670-201811001

Release Date: November 9, 2018

Download Filename:

ESXi670-201811001.zip

Build:

10764712

Download Size:

317.5 MB

md5sum:

54a515148baa7862dec51f9943ef182f

sha1checksum:

c579568c335c19298a776ac74b641a6901c6eb92

Host Reboot Required: Yes

Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID Category Severity
ESXi670-201811401-BG Bugfix Important

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.7.

Bulletin ID Category Severity
ESXi670-201811001 Bugfix Important

Image Profiles

VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.

Image Profile Name
ESXi-6.7.0-20181104001-standard
ESXi-6.7.0-20181104001-no-tools

For more information about the individual bulletins, see the My VMware page and the Resolved Issues section.

Resolved Issues

The resolved issues are grouped as follows.

ESXi670-201811401-BG
Patch Category Bugfix
Patch Severity Important
Host Reboot Required Yes
Virtual Machine Migration or Shutdown Required Yes
Affected Hardware N/A
Affected Software N/A
VIBs Included
  • VMware_bootbank_esx-update_6.7.0-1.31.10764712
  • VMware_bootbank_vsanhealth_6.7.0-1.31.10720754
  • VMware_bootbank_esx-base_6.7.0-1.31.10764712 
  • VMware_bootbank_vsan_6.7.0-1.31.10720746
PRs Fixed  2141221, 2228095, 2227388
Related CVE numbers CVE-2018-6981, CVE-2018-6982

This patch updates esx-base, vsan, esx-tboot and vsanhealth VIBs to resolve the following issues:

  • ESXi has uninitialized stack memory usage vulnerability in the vmxnet3 virtual network adapter that might allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6981 and CVE-2018-6982 to this issue. 
    For more details, see VMware Security Advisory VMSA-2018-0027.

  • PR 2227388: A disk group with deduplication enabled might be marked as in permanent disk error with disk reporting out of space, even though the group has free blocks

    The vSAN deduplication engine maintains a free block count per disk in deduplication-enabled disk groups to determine the block allocation for write requests. In some cases, the value of the free block count for a given disk might underflow. This might fail a placement by the deduplication engine on that disk, because the block count is not accurate. As a result, the deduplication engine might mark the entire disk group as out of space, even though other disks in the group might have free blocks.

    This issue is resolved in this release.

  • PR 2141221: An ESXi host might fail during replication of virtual machines by using VMware vSphere Replication with VMware Site Recovery Manager

    When you replicate virtual machines by using vSphere Replication with the Site Recovery Manager, the ESXi host might fail with a purple diagnostic screen immediately or within 24 hours. You might see a similar error:
    ​PANIC bora/vmkernel/main/dlmalloc.c:4924 - Usage error in dlmalloc.

    This issue is resolved in this release.

  • PR 2228095: Some combinations of SATA disks and controllers might experience Power On Resets and I/Os to disks might be cancelled

    Some combinations of SATA disks and controllers might not properly respond to the changes in some SMART commands in vSAN 6.7. These SMART commands are issued every 20 minutes and the disks might experience power on resets that lead to the cancellation of outstanding I/Os to the disks. As a result, you might see a periodic performance drop in the vSAN cluster. SMART commands implementation has been modified to avoid this issue.

    This issue is resolved in this release.

ESXi-6.7.0-20181104001-standard
Profile Name ESXi-6.7.0-20181104001-standard
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date November 9, 2018
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_esx-update_6.7.0-1.31.10764712
  • VMware_bootbank_vsanhealth_6.7.0-1.31.10720754
  • VMware_bootbank_esx-base_6.7.0-1.31.10764712 
  • VMware_bootbank_vsan_6.7.0-1.31.10720746
PRs Fixed 2141221, 2228095, 2227388
Related CVE numbers CVE-2018-6981, CVE-2018-6982
  • This patch updates the following issues:
    • ESXi has uninitialized stack memory usage vulnerability in the vmxnet3 virtual network adapter that might allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6981 and CVE-2018-6982 to this issue. 
      ​For more details, see VMware Security Advisory VMSA-2018-0027.
    • The vSAN deduplication engine maintains a free block count per disk in deduplication-enabled disk groups to determine the block allocation for write requests. In some cases, the value of the free block count for a given disk might underflow. This might fail a placement by the deduplication engine on that disk, because the block count is not accurate. As a result, the deduplication engine might mark the entire disk group as out of space, even though other disks in the group might have free blocks.
    • When you replicate virtual machines by using vSphere Replication with the Site Recovery Manager, the ESXi host might fail with a purple diagnostic screen immediately or within 24 hours. You might see a similar error:
      ​PANIC bora/vmkernel/main/dlmalloc.c:4924 - Usage error in dlmalloc.
    • Some combinations of SATA disks and controllers might not properly respond to the changes in some SMART commands in vSAN 6.7. These SMART commands are issued every 20 minutes and the disks might experience power on resets that lead to the cancellation of outstanding I/Os to the disks. As a result, you might see a periodic performance drop in the vSAN cluster. SMART commands implementation has been modified to avoid this issue.
ESXi-6.7.0-20181104001-no-tools
Profile Name ESXi-6.7.0-20181104001-no-tools
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date November 9, 2018
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_esx-update_6.7.0-1.31.10764712
  • VMware_bootbank_vsanhealth_6.7.0-1.31.10720754
  • VMware_bootbank_esx-base_6.7.0-1.31.10764712 
  • VMware_bootbank_vsan_6.7.0-1.31.10720746
PRs Fixed 2141221, 2228095, 2227388
Related CVE numbers CVE-2018-6981, CVE-2018-6982
  • This patch updates the following issues:
    • ESXi has uninitialized stack memory usage vulnerability in the vmxnet3 virtual network adapter that might allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6981 and CVE-2018-6982 to this issue. 
      ​For more details, see VMware Security Advisory VMSA-2018-0027.
    • The vSAN deduplication engine maintains a free block count per disk in deduplication-enabled disk groups to determine the block allocation for write requests. In some cases, the value of the free block count for a given disk might underflow. This might fail a placement by the deduplication engine on that disk, because the block count is not accurate. As a result, the deduplication engine might mark the entire disk group as out of space, even though other disks in the group might have free blocks.
    • When you replicate virtual machines by using vSphere Replication with the Site Recovery Manager, the ESXi host might fail with a purple diagnostic screen immediately or within 24 hours. You might see a similar error:
      ​PANIC bora/vmkernel/main/dlmalloc.c:4924 - Usage error in dlmalloc.
    • Some combinations of SATA disks and controllers might not properly respond to the changes in some SMART commands in vSAN 6.7. These SMART commands are issued every 20 minutes and the disks might experience power on resets that lead to the cancellation of outstanding I/Os to the disks. As a result, you might see a periodic performance drop in the vSAN cluster. SMART commands implementation has been modified to avoid this issue.