Release Date: November 9, 2018
Download Filename:
ESXi670-201811001.zip
Build:
10764712
Download Size:
317.5 MB
md5sum:
54a515148baa7862dec51f9943ef182f
sha1checksum:
c579568c335c19298a776ac74b641a6901c6eb92
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes
Bulletins
| Bulletin ID | Category | Severity |
| ESXi670-201811401-BG | Bugfix | Important |
Rollup Bulletin
This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.7.
| Bulletin ID | Category | Severity |
| ESXi670-201811001 | Bugfix | Important |
Image Profiles
VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.
| Image Profile Name |
| ESXi-6.7.0-20181104001-standard |
| ESXi-6.7.0-20181104001-no-tools |
For more information about the individual bulletins, see the My VMware page and the Resolved Issues section.
Resolved Issues
The resolved issues are grouped as follows.
ESXi670-201811401-BG| Patch Category | Bugfix |
| Patch Severity | Important |
| Host Reboot Required | Yes |
| Virtual Machine Migration or Shutdown Required | Yes |
| Affected Hardware | N/A |
| Affected Software | N/A |
| VIBs Included |
|
| PRs Fixed | 2141221, 2228095, 2227388 |
| Related CVE numbers | CVE-2018-6981, CVE-2018-6982 |
This patch updates esx-base, vsan, esx-tboot and vsanhealth VIBs to resolve the following issues:
ESXi has uninitialized stack memory usage vulnerability in the vmxnet3 virtual network adapter that might allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6981 and CVE-2018-6982 to this issue.
For more details, see VMware Security Advisory VMSA-2018-0027.- PR 2227388: A disk group with deduplication enabled might be marked as in permanent disk error with disk reporting out of space, even though the group has free blocks
The vSAN deduplication engine maintains a free block count per disk in deduplication-enabled disk groups to determine the block allocation for write requests. In some cases, the value of the free block count for a given disk might underflow. This might fail a placement by the deduplication engine on that disk, because the block count is not accurate. As a result, the deduplication engine might mark the entire disk group as out of space, even though other disks in the group might have free blocks.
This issue is resolved in this release.
- PR 2141221: An ESXi host might fail during replication of virtual machines by using VMware vSphere Replication with VMware Site Recovery Manager
When you replicate virtual machines by using vSphere Replication with the Site Recovery Manager, the ESXi host might fail with a purple diagnostic screen immediately or within 24 hours. You might see a similar error:
PANIC bora/vmkernel/main/dlmalloc.c:4924 - Usage error in dlmalloc.This issue is resolved in this release.
- PR 2228095: Some combinations of SATA disks and controllers might experience Power On Resets and I/Os to disks might be cancelled
Some combinations of SATA disks and controllers might not properly respond to the changes in some SMART commands in vSAN 6.7. These SMART commands are issued every 20 minutes and the disks might experience power on resets that lead to the cancellation of outstanding I/Os to the disks. As a result, you might see a periodic performance drop in the vSAN cluster. SMART commands implementation has been modified to avoid this issue.
This issue is resolved in this release.
| Profile Name | ESXi-6.7.0-20181104001-standard |
| Build | For build information, see the top of the page. |
| Vendor | VMware, Inc. |
| Release Date | November 9, 2018 |
| Acceptance Level | PartnerSupported |
| Affected Hardware | N/A |
| Affected Software | N/A |
| Affected VIBs |
|
| PRs Fixed | 2141221, 2228095, 2227388 |
| Related CVE numbers | CVE-2018-6981, CVE-2018-6982 |
- This patch updates the following issues:
- ESXi has uninitialized stack memory usage vulnerability in the vmxnet3 virtual network adapter that might allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6981 and CVE-2018-6982 to this issue.
For more details, see VMware Security Advisory VMSA-2018-0027. - The vSAN deduplication engine maintains a free block count per disk in deduplication-enabled disk groups to determine the block allocation for write requests. In some cases, the value of the free block count for a given disk might underflow. This might fail a placement by the deduplication engine on that disk, because the block count is not accurate. As a result, the deduplication engine might mark the entire disk group as out of space, even though other disks in the group might have free blocks.
- When you replicate virtual machines by using vSphere Replication with the Site Recovery Manager, the ESXi host might fail with a purple diagnostic screen immediately or within 24 hours. You might see a similar error:
PANIC bora/vmkernel/main/dlmalloc.c:4924 - Usage error in dlmalloc. - Some combinations of SATA disks and controllers might not properly respond to the changes in some SMART commands in vSAN 6.7. These SMART commands are issued every 20 minutes and the disks might experience power on resets that lead to the cancellation of outstanding I/Os to the disks. As a result, you might see a periodic performance drop in the vSAN cluster. SMART commands implementation has been modified to avoid this issue.
- ESXi has uninitialized stack memory usage vulnerability in the vmxnet3 virtual network adapter that might allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6981 and CVE-2018-6982 to this issue.
| Profile Name | ESXi-6.7.0-20181104001-no-tools |
| Build | For build information, see the top of the page. |
| Vendor | VMware, Inc. |
| Release Date | November 9, 2018 |
| Acceptance Level | PartnerSupported |
| Affected Hardware | N/A |
| Affected Software | N/A |
| Affected VIBs |
|
| PRs Fixed | 2141221, 2228095, 2227388 |
| Related CVE numbers | CVE-2018-6981, CVE-2018-6982 |
- This patch updates the following issues:
- ESXi has uninitialized stack memory usage vulnerability in the vmxnet3 virtual network adapter that might allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6981 and CVE-2018-6982 to this issue.
For more details, see VMware Security Advisory VMSA-2018-0027. - The vSAN deduplication engine maintains a free block count per disk in deduplication-enabled disk groups to determine the block allocation for write requests. In some cases, the value of the free block count for a given disk might underflow. This might fail a placement by the deduplication engine on that disk, because the block count is not accurate. As a result, the deduplication engine might mark the entire disk group as out of space, even though other disks in the group might have free blocks.
- When you replicate virtual machines by using vSphere Replication with the Site Recovery Manager, the ESXi host might fail with a purple diagnostic screen immediately or within 24 hours. You might see a similar error:
PANIC bora/vmkernel/main/dlmalloc.c:4924 - Usage error in dlmalloc. - Some combinations of SATA disks and controllers might not properly respond to the changes in some SMART commands in vSAN 6.7. These SMART commands are issued every 20 minutes and the disks might experience power on resets that lead to the cancellation of outstanding I/Os to the disks. As a result, you might see a periodic performance drop in the vSAN cluster. SMART commands implementation has been modified to avoid this issue.
- ESXi has uninitialized stack memory usage vulnerability in the vmxnet3 virtual network adapter that might allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6981 and CVE-2018-6982 to this issue.
