check-circle-line exclamation-circle-line close-line

VMware ESXi 6.7, Patch Release ESXi670-201903001

Release Date: March 28, 2019

Download Filename:

ESXi670-201903001.zip

Build:

13004448

Download Size:

317.7 MB

md5sum:

72b77032695fd2f65eb92e6c98b8b0e3

sha1checksum:

01106fb335f58c69e3952a429ce1ec11fa3b37b5

Host Reboot Required: Yes

Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID Category Severity
ESXi670-201903401-SG Security Critical

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.7.

Bulletin ID Category Severity
ESXi670-201903001 Security Critical

Image Profiles

VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.

Image Profile Name
ESXi-6.7.0-20190304001-standard
ESXi-6.7.0-20190304001-no-tools

For more information about the individual bulletins, see the Download Patches page and the Resolved Issues section.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is through the VMware vSphere Update Manager. For details, see the About Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command.

For more information, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.

Resolved Issues

The resolved issues are grouped as follows.

ESXi670-201903401-SG
Patch Category Security
Patch Severity Critical
Host Reboot Required Yes
Virtual Machine Migration or Shutdown Required Yes
Affected Hardware N/A
Affected Software N/A
VIBs Included
  • VMware_bootbank_vsanhealth_6.7.0-1.41.12909116
  • VMware_bootbank_esx-base_6.7.0-1.41.13004448
  • VMware_bootbank_vsan_6.7.0-1.41.12909115
  • VMware_bootbank_esx-update_6.7.0-1.41.13004448
PRs Fixed  2312643
Related CVE numbers N/A

This patch updates the esx-base, esx-tboot, vsan and vsanhealth VIBs to resolve the following issue:

  • ESXi contains an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB UHCI (Universal Host Controller Interface). These issues may allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2019-5518 (out-of-bounds read/write) and CVE-2019-5519 (TOCTOU) to these issues. See VMSA-2019-0005 for further information.

ESXi-6.7.0-20190304001-standard
Profile Name ESXi-6.7.0-20190304001-standard
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date March 28, 2019
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_vsanhealth_6.7.0-1.41.12909116
  • VMware_bootbank_esx-base_6.7.0-1.41.13004448
  • VMware_bootbank_vsan_6.7.0-1.41.12909115
  • VMware_bootbank_esx-update_6.7.0-1.41.13004448
PRs Fixed 2312643
Related CVE numbers N/A

This patch updates the following issue:

  • ESXi contains an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB UHCI (Universal Host Controller Interface). These issues may allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2019-5518 (out-of-bounds read/write) and CVE-2019-5519 (TOCTOU) to these issues. See VMSA-2019-0005 for further information.

ESXi-6.7.0-20190304001-no-tools
Profile Name ESXi-6.7.0-20190304001-no-tools
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date March 28, 2019
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_vsanhealth_6.7.0-1.41.12909116
  • VMware_bootbank_esx-base_6.7.0-1.41.13004448
  • VMware_bootbank_vsan_6.7.0-1.41.12909115
  • VMware_bootbank_esx-update_6.7.0-1.41.13004448
PRs Fixed 2312643
Related CVE numbers N/A

This patch updates the following issue:

  • ESXi contains an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB UHCI (Universal Host Controller Interface). These issues may allow a guest to execute code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2019-5518 (out-of-bounds read/write) and CVE-2019-5519 (TOCTOU) to these issues. See VMSA-2019-0005 for further information.