check-circle-line exclamation-circle-line close-line

VMware vCenter Server Appliance Photon OS Security Patches

This document tracks the release of the monthly patches to the Photon Operating System bundled in the VMware vCenter Server Appliance.

You can download the deliverables from the VMware Patch Download Center.

Installation Steps

To apply the Photon OS security patches to the vCenter Server Appliance, you can use one of the methods.

  • Deploy a new vCenter Server Appliance by using either the GUI or the CLI installer.

    For information about doing a fresh install of the vCenter Server Appliance, see Deploying the vCenter Server Appliance and Platform Services Controller Appliance.

  • Upgrade to the version of the vCenter Server Appliance containing the latest Photon OS security patches by using either the GUI or the CLI installer.

    For information about upgrading the vCenter Server Appliance, see Upgrading the vCenter Server Appliance and Platform Services Controller Appliance.

  • Patch the appliance either by using the appliance shell or the Appliance Management Interface.

    IMPORTANT: You can update the vCenter Server Appliance with Photon OS patches released within one and the same Update release. Currently, you can patch the appliance with Photon OS patches only if you have updated the vCenter Server Appliance to 6.7 Update 1.

    If you try to update the vCenter Server Appliance directly from an unsupported base version of 6.7 to the current Photon OS patch version, by using the vCenter Server Appliance Management Interface, you see a message No applicable update found. This is expected. You must first update the vCenter Server Appliance to version 6.7 Update 1 and then apply the selected Photon OS patch to the appliance.

    For information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

  • Perform a file-based backup and restore where in the restore process you deploy a new appliance containing the latest Photon OS security patches.

    For information performing a file-based backup and restore of the vCenter Server Appliance, see File-Based Backup and Restore of vCenter Server Appliance.

  • Migrate a vCenter Server on Windows instance to a version of the vCenter Server Appliance containing the latest Photon OS security patches.

    For information about performing a migration of vCenter Server on Windows to vCenter Server Appliance, see Migrating vCenter Server for Windows to vCenter Server Appliance.

vCenter Server Appliance Photon OS Security Patches

vSphere 6.7.0 updates

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

28 June 2018 8832884 6.7.0b
(Security fixes for Photon OS are listed here. For details on other fixes, click here)
ncurses 6.0-8

CVE-2017-13728

CVE-2017-16879

wget 1.18-3

CVE-2017-13090

CVE-2017-13089

httpd 2.4.33-1

CVE-2018-1303

CVE-2017-15715

CVE-2017-15710

CVE-2018-1301

CVE-2018-1302

librelp 1.2.9-3

CVE-2018-1000140

ruby 2.4.4-1

CVE-2017-0898

rsync 3.1.3-1

CVE-2018-5764

procmail 3.22-4

CVE-2017-16844

shadow 4.2.1-12

CVE-2017-12424

libgcrypt 1.7.6-3

CVE-2017-0379

dnsmasq 2.76-5

CVE-2017-15107

vSphere 6.7 Update 1

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

16 October 2018 10244745

 6.7 U1

Security fixes for Photon OS are listed  here. For details on other fixes, click here)

procps-ng 3.3.15-1

CVE-2018-1126

CVE-2018-1122

CVE-2018-1125

CVE-2018-1124

CVE-2018-1123

linux

4.4.152-1

CVE-2018-3620

pcre 8.41-2

CVE-2017-11164

ntp 4.2.8p11-1

CVE-2018-7183

CVE-2018-7182

CVE-2018-7184

CVE-2018-7185

ncurses 6.0-9

  CVE-2018-10754

curl 7.59.0-2

CVE-2018-1000300

CVE-2018-1000301

paramiko 1.17.6-1

CVE-2018-7750

glibc 2.22-21

CVE-2018-11236

libmspack 0.5alpha-3

CVE-2017-6419

xerces-c 3.2.1-1

CVE-2017-12627

20 December 2018 11338176

6.7 U1a

(Security fixes for Photon OS)

rpm 4.13.0.2-1

CVE-2017-7500

elfutils 0.169-2

CVE-2018-16402

libxml2 2.9.8-2

CVE-2018-14404

systemd 228-48

CVE-2018-15688

httpd 2.4.34-1

 CVE-2018-1333

linux 4.4.161-1

CVE-2018-13053

patch 2.7.5-5

CVE-2018-6952

The above listed patches are cumulative. The content of the latest patch will accumulate the content from prior patches as well.