check-circle-line exclamation-circle-line close-line

Release Date: JUN 9, 2020

Build Details

Download Filename: ESXi670-202006001.zip
Build: 16316930
Download Size: 341.2 MB
md5sum: 29b046caaab0c42422f2eaf4bd72516a
sha1checksum: 99e6e464d7ed35cab1632970a2acbe3837cb2d2e
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID Category Severity
ESXi670-202006401-SG Security Important

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.7.

Bulletin ID Category Severity
ESXi670-202006001 Security Important

Image Profiles

VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.

Image Profile Name
ESXi-6.7.0-20200604001-standard
ESXi-6.7.0-20200604001-no-tools

For more information about the individual bulletins, see the Download Patches page and the Resolved Issues section.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is through the VMware vSphere Update Manager. For details, see the About Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command.

For more information, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.

Resolved Issues

The resolved issues are grouped as follows.

ESXi670-202006401-SG
Patch Category Security
Patch Severity Important
Host Reboot Required Yes
Virtual Machine Migration or Shutdown Required Yes
Affected Hardware N/A
Affected Software N/A
VIBs Included
  • VMware_bootbank_vsanhealth_6.7.0-3.108.16243519
  • VMware_bootbank_vsan_6.7.0-3.108.16243518
  • VMware_bootbank_esx-base_6.7.0-3.108.16316930
  • VMware_bootbank_esx-update_6.7.0-3.108.16316930
PRs Fixed  2570856, 2560750
Related CVE numbers CVE-2020-3960

This patch updates the esx-base, esx-update, vsan and vsanhealth VIBs to resolve the following issues:

  • VMware ESXi contains an out-of-bounds read vulnerability in the NVMe functionality. A malicious actor with local non-administrative access to a virtual machine might be able to read privileged information contained in the memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3960 to this issue. For more information, see VMSA-2020-0012.

  • PR 2560750: vSphere Client might display false fan health sensor alarms on HPE Gen10 Servers

    In the vSphere Client, you might see fan health as Critical on HPE Gen 10 servers after upgrading an ESXi host to ESXi670-202004002. This alarm is identified to be false positive.

    This issue is resolved in this release. 

ESXi-6.7.0-20200604001-standard
Profile Name ESXi-6.7.0-20200604001-standard
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date June 9, 2020
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_vsanhealth_6.7.0-3.108.16243519
  • VMware_bootbank_vsan_6.7.0-3.108.16243518
  • VMware_bootbank_esx-base_6.7.0-3.108.16316930
  • VMware_bootbank_esx-update_6.7.0-3.108.16316930
PRs Fixed 2570856, 2560750
Related CVE numbers CVE-2020-3960

This patch updates the following issues:

  • VMware ESXi contains an out-of-bounds read vulnerability in the NVMe functionality. A malicious actor with local non-administrative access to a virtual machine might be able to read privileged information contained in the memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3960 to this issue. For more information, see VMSA-2020-0012.

  • In the vSphere Client, you might see fan health as Critical on HPE Gen 10 servers after upgrading an ESXi host to ESXi670-202004002. This alarm is identified to be false positive.

ESXi-6.7.0-20200604001-no-tools
Profile Name ESXi-6.7.0-20200604001-no-tools
Build For build information, see the top of the page.
Vendor VMware, Inc.
Release Date June 9, 2020
Acceptance Level PartnerSupported
Affected Hardware N/A
Affected Software N/A
Affected VIBs
  • VMware_bootbank_vsanhealth_6.7.0-3.108.16243519
  • VMware_bootbank_vsan_6.7.0-3.108.16243518
  • VMware_bootbank_esx-base_6.7.0-3.108.16316930
  • VMware_bootbank_esx-update_6.7.0-3.108.16316930
PRs Fixed 2570856, 2560750
Related CVE numbers CVE-2020-3960

This patch updates the following issues:

  • VMware ESXi contains an out-of-bounds read vulnerability in the NVMe functionality. A malicious actor with local non-administrative access to a virtual machine might be able to read privileged information contained in the memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3960 to this issue. For more information, see VMSA-2020-0012.

  • In the vSphere Client, you might see fan health as Critical on HPE Gen 10 servers after upgrading an ESXi host to ESXi670-202004002. This alarm is identified to be false positive.