
This document tracks the release of the monthly patches to the Photon Operating System bundled in the VMware vCenter Server Appliance.

You can download the deliverables from the VMware Patch Download Center.

Installation Steps

To apply the Photon OS security patches to the vCenter Server Appliance, use one of the following methods.

  • Deploy a new vCenter Server Appliance by using either the GUI or the CLI installer.

    For information about doing a fresh install of the vCenter Server Appliance, see Deploying the vCenter Server Appliance and Platform Services Controller Appliance.

  • Upgrade to the version of the vCenter Server Appliance containing the latest Photon OS security patches by using either the GUI or the CLI installer.

    For information about upgrading the vCenter Server Appliance, see Upgrading the vCenter Server Appliance and Platform Services Controller Appliance.

  • Patch the appliance either by using the appliance shell or the Appliance Management Interface.

    IMPORTANT: You can update the vCenter Server Appliance only with Photon OS patches released within the same Update release. Currently, you can patch the appliance with Photon OS patches only if you have updated the vCenter Server Appliance to 6.7 Update 3.

    If you try to update the vCenter Server Appliance directly from an unsupported base version of 6.7 to the current Photon OS patch version by using the vCenter Server Appliance Management Interface, you see the message "No applicable update found". This is expected. You must first update the vCenter Server Appliance to version 6.7 Update 3 and then apply the selected Photon OS patch to the appliance.

    For information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

  • Perform a file-based backup and restore, deploying a new appliance that contains the latest Photon OS security patches during the restore process.

    For information about performing a file-based backup and restore of the vCenter Server Appliance, see File-Based Backup and Restore of vCenter Server Appliance.

  • Migrate a vCenter Server on Windows instance to a version of the vCenter Server Appliance containing the latest Photon OS security patches.

    For information about performing a migration of vCenter Server on Windows to vCenter Server Appliance, see Migrating vCenter Server for Windows to vCenter Server Appliance.

Upgrade Notes

Upgrades from vCenter Server 6.7 Update 1a to 6.7 Update 2a, 6.7 Update 2c, and 6.7 Update 3 are not supported. You must first upgrade to vCenter Server 6.7 Update 1b or 6.7 Update 2, and then patch your system to 6.7 Update 2a, 6.7 Update 2c, or 6.7 Update 3.

Important: Upgrades and migrations from vCenter Server 6.5 Update 3k to vCenter Server 6.7 Update 3i are not supported. For more information on vCenter Server supported upgrade and migration paths, please refer to VMware knowledge base article 67077.

vCenter Server Appliance Photon OS Security Patches

vSphere 6.7.0 updates

| Release Date | Build Number | Patch Name | Affected Package | New Package Versions | CVEs Addressed |
|---|---|---|---|---|---|
| 28 June 2018 | 8832884 | 6.7.0b (Security fixes for Photon OS are listed here. For details on other fixes, click here) | ncurses | 6.0-8 | CVE-2017-13728, CVE-2017-16879 |
| | | | wget | 1.18-3 | CVE-2017-13090, CVE-2017-13089 |
| | | | httpd | 2.4.33-1 | CVE-2018-1303, CVE-2017-15715, CVE-2017-15710, CVE-2018-1301, CVE-2018-1302 |
| | | | librelp | 1.2.9-3 | CVE-2018-1000140 |
| | | | ruby | 2.4.4-1 | CVE-2017-0898 |
| | | | rsync | 3.1.3-1 | CVE-2018-5764 |
| | | | procmail | 3.22-4 | CVE-2017-16844 |
| | | | shadow | 4.2.1-12 | CVE-2017-12424 |
| | | | libgcrypt | 1.7.6-3 | CVE-2017-0379 |
| | | | dnsmasq | 2.76-5 | CVE-2017-15107 |

vSphere 6.7 Update 1

| Release Date | Build Number | Patch Name | Affected Package | New Package Versions | CVEs Addressed |
|---|---|---|---|---|---|
| 16 October 2018 | 10244745 | 6.7 U1 (Security fixes for Photon OS are listed here. For details on other fixes, click here) | procps-ng | 3.3.15-1 | CVE-2018-1126, CVE-2018-1122, CVE-2018-1125, CVE-2018-1124, CVE-2018-1123 |
| | | | linux | 4.4.152-1 | CVE-2018-3620 |
| | | | pcre | 8.41-2 | CVE-2017-11164 |
| | | | ntp | 4.2.8p11-1 | CVE-2018-7183, CVE-2018-7182, CVE-2018-7184, CVE-2018-7185 |
| | | | ncurses | 6.0-9 | CVE-2018-10754 |
| | | | curl | 7.59.0-2 | CVE-2018-1000300, CVE-2018-1000301 |
| | | | paramiko | 1.17.6-1 | CVE-2018-7750 |
| | | | glibc | 2.22-21 | CVE-2018-11236 |
| | | | libmspack | 0.5alpha-3 | CVE-2017-6419 |
| | | | xerces-c | 3.2.1-1 | CVE-2017-12627 |
| 20 December 2018 | 11338176 | 6.7 U1a (Security fixes for Photon OS) | rpm | 4.13.0.2-1 | CVE-2017-7500 |
| | | | elfutils | 0.169-2 | CVE-2018-16402 |
| | | | libxml2 | 2.9.8-2 | CVE-2018-14404 |
| | | | systemd | 228-48 | CVE-2018-15688 |
| | | | httpd | 2.4.34-1 | CVE-2018-1333 |
| | | | linux | 4.4.161-1 | CVE-2018-13053 |
| | | | patch | 2.7.5-5 | CVE-2018-6952 |

vSphere 6.7 Update 2

 

| Release Date | Build Number | Patch Name | Affected Package | New Package Versions | CVEs Addressed |
|---|---|---|---|---|---|
| 11 April 2019 | 13010631 | 6.7 U2 (Security fixes for Photon OS are listed here. For details on other fixes, click here) | systemd | 228-50 | CVE-2018-16865, CVE-2018-16864 |
| | | | linux | 4.4.171-1 | CVE-2018-19824 |
| | | | ruby, rubygem-libxml-ruby | 2.5.3-1, 3.0.0-3 | CVE-2018-16395, CVE-2018-16396 |
| | | | paramiko | 1.17.6-2 | CVE-2018-1000805 |
| | | | fuse | 2.9.5-3 | CVE-2018-10906 |
| | | | python2 | 2.7.15-3 | CVE-2018-14647 |
| | | | curl | 7.59.0-5 | CVE-2018-14618, CVE-2018-16839 |
| | | | apache-tomcat | 8.5.35-1 | CVE-2018-8037 |
| | | | libmspack | 0.5alpha-5 | CVE-2018-14679, CVE-2018-14680 |
| | | | libgcrypt | 1.7.6-4 | CVE-2018-0495 |
| | | | krb5 | 1.16-2 | CVE-2018-5730 |
| | | | shadow | 4.2.1-13 | CVE-2018-7169 |
| | | | file | 5.24-3 | CVE-2018-10360 |
| | | | postgresql | 9.6.10-1 | CVE-2018-10925, CVE-2018-10915 |
| | | | libtirpc | 1.0.1-5 | CVE-2018-14621 |
| | | | glibc | 2.22-22 | CVE-2017-15671 |
| | | | pkg-config | 0.28-3 | CVE-2018-16428, CVE-2018-16429 |
| 30 May 2019 | 13843380 | 6.7 U2b (Security fixes for Photon OS) | systemd | 228-52 | CVE-2018-6954 |
| | | | linux | 4.4.177-1 | CVE-2019-7221 |
| | | | libxslt | 1.1.29-5 | CVE-2019-11068 |
| | | | gnutls | 3.5.15-4 | CVE-2019-3829 |
| 16 July 2019 | 14070457 | 6.7 U2c (Security fixes for Photon OS are listed here. For details on other fixes, click here) | httpd | 2.4.39-1 | CVE-2018-17199, CVE-2019-0190, CVE-2019-0217, CVE-2019-0211, CVE-2019-0215 |
| | | | wget | 1.20.3-1 | CVE-2019-5953, CVE-2018-20483 |
| | | | linux | 4.4.182-1 | CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 |

vSphere 6.7 Update 3

| Release Date | Build Number | Patch Name | Affected Package | New Package Versions | CVEs Addressed |
|---|---|---|---|---|---|
| 20 August 2019 | 14367737 | 6.7 U3 (Security fixes for Photon OS are listed here. For details on other fixes, click here) | perl | 5.24.1-2 | CVE-2018-12015 |
| | | | openssl | 1.0.2o-3 | CVE-2018-0732 |
| | | | glib | 2.47.6-3 | CVE-2018-16429 |
| | | | python2 | 2.7.15-5 | CVE-2019-9948 |
| | | | PyYAML | 3.12-3 | CVE-2017-18342 |
| | | | python-requests | 2.13.0-2 | CVE-2018-18074 |
| | | | gettext | 0.19.5.1-4 | CVE-2018-18751 |
| | | | sqlite-autoconf | 3.27.2-1 | CVE-2019-9936 |
| | | | systemd | 228-53 | CVE-2019-3842 |
| | | | tar | 1.29-2 | CVE-2019-9923 |
| | | | linux | 4.4.182-1 | CVE-2019-11477, CVE-2019-12456 |
| 24 October 2019 | 14836122 | 6.7 U3a (Security fixes for Photon OS are listed here. For details on other fixes, click here) | bzip2 | 1.0.6-7 | CVE-2019-12900 |
| | | | patch | 2.7.5-6 | CVE-2019-13638 |
| | | | expat | 2.2.4-2 | CVE-2018-20843 |
| | | | libmspack | 0.7.1alpha-2 | CVE-2018-14682, CVE-2018-14681 |
| | | | linux | 4.4.191-1 | CVE-2019-15902, CVE-2016-10905, CVE-2019-10638 |
| | | | unzip | 6.0-11 | CVE-2019-13232 |
| | | | libxslt | 1.1.29-6 | CVE-2019-13117, CVE-2019-13118 |
| 05 December 2019 | 15132721 | 6.7 U3b (Security fixes for Photon OS are listed here. For details on other fixes, click here) | bash | 4.3.48-4 | CVE-2012-6711 |
| | | | sqlite-autoconf | 3.27.2-2 | CVE-2019-9937 |
| | | | linux | 4.4.180-1 | CVE-2019-11810, CVE-2018-20836, CVE-2019-11815, CVE-2019-11190 |
| | | | glib | 2.58.3-1 | CVE-2019-13012 |
| | | | curl | 7.59.0-8 | CVE-2019-5436 |
| | | | vim | 7.4-12 | CVE-2019-12735 |
| | | | python3 | 3.5.6-7 | CVE-2019-10160 |
| | | | postgresql | 9.6.14-1 | CVE-2019-10164 |
| | | | sudo | 1.8.20p2-2 | CVE-2019-14287 |
| 30 January 2020 | 15505668 | 6.7 U3c (Security fixes for Photon OS) | dhcp | 4.3.5-5 | CVE-2018-5732 |
| | | | libxslt | 1.1.29-7 | CVE-2019-18197 |
| | | | tcpdump | 4.9.3-1 | CVE-2018-16227, CVE-2018-14466, CVE-2018-14462, CVE-2018-14469, CVE-2018-10103, CVE-2018-14882, CVE-2018-14463, CVE-2019-15166, CVE-2018-14461, CVE-2018-10105, CVE-2018-14879, CVE-2018-16301, CVE-2018-14470, CVE-2018-16451, CVE-2018-14467, CVE-2018-14881, CVE-2018-16229, CVE-2018-16228, CVE-2018-16230, CVE-2018-14880, CVE-2018-14465, CVE-2018-14468, CVE-2018-14464, CVE-2018-16300, CVE-2018-16452 |
| 27 February 2020 | 15679281 | 6.7 U3d (Security fixes for Photon OS) | libxslt | 1.1.29-8 | CVE-2019-5815 |
| | | | sysstat | 12.2.0-1 | CVE-2019-19725 |
| 26 March 2020 | 15808844 | 6.7 U3e (Security fixes for Photon OS) | libsolv | 0.6.19-7 | CVE-2019-20387 |
| | | | xerces-c | 3.2.2-1 | CVE-2018-1311 |
| | | | libxml2 | 2.9.10-2 | CVE-2020-7595, CVE-2019-19956, CVE-2019-20388 |
| | | | cpio | 2.12-3 | CVE-2019-14866 |
| 28 April 2020 | 16046470 | 6.7 U3g (Security fixes for Photon OS are listed here. For details on other fixes, click here) | httpd | 2.4.41-1 | CVE-2019-10082, CVE-2019-10081, CVE-2019-10098, CVE-2019-10092 |
| | | | python3 | 3.5.6-13 | CVE-2019-16056, CVE-2019-17514 |
| | | | python2 | 2.7.15-13 | CVE-2019-16056, CVE-2019-17514, CVE-2019-16935, CVE-2019-5010 |
| | | | linux | 4.4.213-2 | CVE-2019-14835, CVE-2019-17666, CVE-2019-14821, CVE-2018-20976, CVE-2019-19066 |
| | | | tar | 1.29-4 | CVE-2016-6321 |
| | | | libpcap | 1.9.1-1 | CVE-2019-15161, CVE-2019-15165, CVE-2019-15164, CVE-2019-15162, CVE-2019-15163 |
| | | | file | 5.24-4 | CVE-2016-6321 |
| | | | curl | 7.59.0-9 | CVE-2019-5482, CVE-2019-5481 |
| | | | ruby | 2.5.7-1 | CVE-2019-15845, CVE-2019-16255, CVE-2019-16201 |
| | | | sqlite-autoconf | 3.31.1-1 | CVE-2019-19317, CVE-2019-19603, CVE-2019-19646, CVE-2019-20218, CVE-2019-19880, CVE-2019-19645 |
| | | | sudo | 1.8.30-1 | CVE-2019-19234, CVE-2019-19232 |
| | | | dbus | 1.13.6-2 | CVE-2019-12749 |
| 28 May 2020 | 16275304 | 6.7 U3h (Security fixes for Photon OS) | unzip | 6.0-12 | CVE-2014-8139, CVE-2014-8141, CVE-2014-8140 |
| | | | gdb | 7.8.2-10 | CVE-2019-1010180 |
| 30 July 2020 | 16616482 | 6.7 U3i (Security fixes for Photon OS) | vim | 7.4-13 | CVE-2019-20807 |

The patches listed above are cumulative: the latest patch also includes the content of all prior patches.