Release Date: FEB 23, 2021

Build Details

Download Filename: ESXi670-202102001.zip
Build: 17499825
Download Size: 343.2 MB
md5sum: d9e8e5aba34b3201fc04f2fda2ea33fd
sha1checksum: ab493e640e218b74f15e31450d34a289fef334ab
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes

Bulletins

Bulletin ID           Category  Severity
ESXi670-202102401-SG  Security  Important

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.7.

Bulletin ID        Category  Severity
ESXi670-202102001  Security  Important

Image Profiles

VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.

Image Profile Name
ESXi-6.7.0-20210204001-standard
ESXi-6.7.0-20210204001-no-tools

For more information about the individual bulletins, see the Download Patches page and the Resolved Issues section.

Patch Download and Installation

The typical way to apply patches to ESXi hosts is through the VMware vSphere Update Manager. For details, see the About Installing and Administering VMware vSphere Update Manager.

ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing VIBs by using the esxcli software vib update command. Additionally, the system can be updated using the image profile and the esxcli software profile update command.

For more information, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.
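
As an added example (not part of VMware's release notes), this shell sketch checks a downloaded depot against the SHA-1 published in Build Details and reads `esxcli software vib list` output to confirm that the four VIBs listed for ESXi670-202102401-SG are at or above the fixed builds. The function names and sample listings are constructed for illustration, and it assumes build numbers only increase within the 6.7.0 line.

```shell
#!/bin/sh
# Values copied from this page's Build Details and "VIBs Included" list.
DEPOT_SHA1="ab493e640e218b74f15e31450d34a289fef334ab"
REQUIRED="esx-update:17499825 vsan:17499827 vsanhealth:17499832 esx-base:17499825"

# verify_depot FILE: succeed only if FILE's SHA-1 equals the published checksum.
verify_depot() {
    actual=$(sha1sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$DEPOT_SHA1" ]
}

# check_vibs: read `esxcli software vib list` output on stdin, print one line per
# required VIB, and return 1 if any is missing or older than the fixed build.
# Assumption: within the 6.7.0 line the trailing build number only increases.
check_vibs() {
    awk -v req="$REQUIRED" '
        BEGIN { n = split(req, r, " ")
                for (i = 1; i <= n; i++) { split(r[i], kv, ":"); min[kv[1]] = kv[2] } }
        ($1 in min) { k = split($2, p, "."); seen[$1] = p[k] }
        END { bad = 0
              for (v in min) {
                  if (!(v in seen))              { print v ": MISSING"; bad = 1 }
                  else if (seen[v]+0 < min[v]+0) { print v ": build " seen[v] " < " min[v]; bad = 1 }
                  else                           print v ": ok (build " seen[v] ")"
              }
              exit bad }'
}

# Constructed sample listings (not captured from a real host).
sample_patched() { cat <<'EOF'
Name        Version               Vendor  Acceptance Level  Install Date
----------  --------------------  ------  ----------------  ------------
esx-base    6.7.0-3.134.17499825  VMware  VMwareCertified   2021-02-24
esx-update  6.7.0-3.134.17499825  VMware  VMwareCertified   2021-02-24
vsan        6.7.0-3.134.17499827  VMware  VMwareCertified   2021-02-24
vsanhealth  6.7.0-3.134.17499832  VMware  VMwareCertified   2021-02-24
EOF
}
# Same listing with a constructed, older build number for esx-base and esx-update.
sample_unpatched() { sample_patched | sed 's/3\.134\.17499825/3.100.10000000/'; }

# On a host: esxcli software vib list | check_vibs
```

Run `verify_depot` on the ZIP before installing and `check_vibs` after the reboot; a non-zero exit from either means the host should not be treated as patched for CVE-2021-21974.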

Resolved Issues

The resolved issues are grouped as follows.

ESXi670-202102401-SG
Patch Category: Security
Patch Severity: Important
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes
Affected Hardware: N/A
Affected Software: N/A
VIBs Included:
  • VMware_bootbank_esx-update_6.7.0-3.134.17499825
  • VMware_bootbank_vsan_6.7.0-3.134.17499827
  • VMware_bootbank_vsanhealth_6.7.0-3.134.17499832
  • VMware_bootbank_esx-base_6.7.0-3.134.17499825
PRs Fixed: 2673659
CVE numbers: CVE-2021-21974

This patch updates the esx-base, esx-tboot, vsan, and vsanhealth VIBs.

  • OpenSLP as used in ESXi has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi, who has access to port 427, might trigger the heap-overflow issue in OpenSLP service, resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21974 to this issue. For more information, see VMware Security Advisory VMSA-2021-0002.

ESXi-6.7.0-20210204001-standard
Profile Name: ESXi-6.7.0-20210204001-standard
Build: For build information, see the Build Details table.
Vendor: VMware, Inc.
Release Date: February 23, 2021
Acceptance Level: PartnerSupported
Affected Hardware: N/A
Affected Software: N/A
Affected VIBs:
  • VMware_bootbank_esx-update_6.7.0-3.134.17499825
  • VMware_bootbank_vsan_6.7.0-3.134.17499827
  • VMware_bootbank_vsanhealth_6.7.0-3.134.17499832
  • VMware_bootbank_esx-base_6.7.0-3.134.17499825
PRs Fixed: 2673659
Related CVE numbers: CVE-2021-21974

This patch updates the following issue:

  • OpenSLP as used in ESXi has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi, who has access to port 427, might trigger the heap-overflow issue in OpenSLP service, resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21974 to this issue. For more information, see VMware Security Advisory VMSA-2021-0002.

ESXi-6.7.0-20210204001-no-tools
Profile Name: ESXi-6.7.0-20210204001-no-tools
Build: For build information, see the Build Details table.
Vendor: VMware, Inc.
Release Date: February 23, 2021
Acceptance Level: PartnerSupported
Affected Hardware: N/A
Affected Software: N/A
Affected VIBs:
  • VMware_bootbank_esx-update_6.7.0-3.134.17499825
  • VMware_bootbank_vsan_6.7.0-3.134.17499827
  • VMware_bootbank_vsanhealth_6.7.0-3.134.17499832
  • VMware_bootbank_esx-base_6.7.0-3.134.17499825
PRs Fixed: 2673659
Related CVE numbers: CVE-2021-21974

This patch updates the following issue:

  • OpenSLP as used in ESXi has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi, who has access to port 427, might trigger the heap-overflow issue in OpenSLP service, resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21974 to this issue. For more information, see VMware Security Advisory VMSA-2021-0002.
