This document tracks the release of 7.0.x patches to the Photon Operating System bundled in VMware vCenter Server.

You can download the deliverables from the  VMware Patch Download Center.

Installation Steps

To apply the Photon OS security patches to the vCenter Server Appliance, you can use one of the methods.

  • Deploy a new vCenter Server Appliance by using either the GUI or the CLI installer.

    For information about doing a fresh install of the vCenter Server Appliance, see Deploying the vCenter Server Appliance and Platform Services Controller Appliance.

  • Upgrade to the version of the vCenter Server Appliance containing the latest Photon OS security patches by using either the GUI or the CLI installer.

    For information about upgrading the vCenter Server Appliance, see Upgrading the vCenter Server Appliance.

  • Patch the appliance either by using the appliance shell or the Appliance Management Interface.

    IMPORTANT: You can update the vCenter Server Appliance with Photon OS patches released within one and the same Update release. 

    For information on patching the vCenter Server Appliance, see Patching vCenter Server.

  • Perform a file-based backup and restore where in the restore process you deploy a new appliance containing the latest Photon OS security patches..

    For information performing a file-based backup and restore of the vCenter Server Appliance, see Restore vCenter Server from a File-Based Backup.

  • Migrate a vCenter Server on Windows instance to a version of the vCenter Server Appliance containing the latest Photon OS security patches.

    For information about performing a migration of vCenter Server on Windows to vCenter Server Appliance, see Migrating vCenter Server for Windows to vCenter Server Appliance.

vCenter Server Appliance Photon OS Security Patches

vSphere 7.0 Update 2

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

24 August 2021

18356314

vCenter Server 7.0 Update 2c
(Security fixes for Photon OS)

apache-tomcat

8.5.60-2.ph3

CVE-2021-25122

CVE-2021-25329

atftp

0.7.2-2.ph3

CVE-2020-6097

bindutils

9.16.6-2.ph3

CVE-2020-8625

c-ares

1.16.1-1.ph3

CVE-2020-8277

containerd

1.4.4-1.ph3

CVE-2021-21334

dnsmasq

2.82-2.ph3

CVE-2020-25681

CVE-2020-25682

glib

2.58.0-7.ph3

CVE-2021-27218

CVE-2021-27219

glibc

2.28-12.ph3

CVE-2021-3326

gnutls

3.6.15-3.ph3

CVE-2021-20231

grub2

2.06~rc1-1.ph3

CVE-2021-20232

CVE-2020-14372

CVE-2020-25632

CVE-2020-25647

CVE-2020-27749

CVE-2020-27779

CVE-2021-20225

CVE-2021-20233

CVE-2021-3418

linux

4.19.186-3.ph3

CVE-2020-29569

CVE-2020-29661

CVE-2021-3347

CVE-2021-26930

CVE-2021-27365

CVE-2021-28660

CVE-2021-28972

nettle

3.7.2-1.ph3

CVE-2021-20305

nss

3.44-6.ph3

CVE-2020-12403

openldap

2.4.57-2.ph3

CVE-2020-36221

CVE-2020-36222

CVE-2020-36223

CVE-2020-36224

CVE-2020-36225

CVE-2020-36226

CVE-2020-36227

CVE-2020-36228

CVE-2020-36229

CVE-2020-36230

CVE-2021-27212

openssl

1.0.2y-1.ph3

CVE-2021-23839

CVE-2021-23840

runc

1.0.0.rc93-2.ph3

CVE-2021-30465

sudo

1.9.5-3.ph3

CVE-2021-23240

CVE-2021-3156

vSphere 7.0 Update 3

vCenter Server 7.0 Update 3d

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

29 March 2022

19480866

vCenter Server 7.0 Update 3d
(Security fixes for Photon OS)

c-ares

1.16.1-2.ph3

CVE-2021-3672

vim

8.2.3408-4.ph3

CVE-2021-3770
CVE-2021-3778
CVE-2021-3796

httpd

2.4.51-1.ph3

CVE-2021-33193
CVE-2021-34798
CVE-2021-36160
CVE-2021-40438
CVE-2021-39275

apache-tomcat

8.5.60-4.ph3

CVE-2021-41079

openssh

7.8p1-10.ph3

CVE-2021-41617

nettle

3.7.2-2.ph3

CVE-2021-3580

cpio

2.13-4.ph3

CVE-2021-38185

util-linux

2.32.1-4.ph3

CVE-2021-37600

linux

4.19.208-1.ph3

CVE-2020-3702
CVE-2021-22543
CVE-2021-3653
CVE-2021-3656
CVE-2021-42008
CVE-2021-35039
CVE-2021-38160
CVE-2021-45485
CVE-2021-42252

ncurses

6.1-3.ph3

CVE-2021-39537

glibc

2.28-17.ph3

CVE-2021-35942
CVE-2021-38604

atftp

0.7.5-1.ph3

CVE-2021-41054

vCenter Server 7.0 Update 3f

Release Date

Build Number

Patch Name

Affected Package

New Package Versions

CVEs Addressed

12 July 22

20051473

vCenter Server 7.0 Update 3f

apache-tomcat

8.5.72-1.ph3

CVE-2021-42340

bindutils

9.16.27-1.ph3

CVE-2021-25220

containerd

1.4.12-1.ph3

CVE-2022-23648

curl

7.82.0-1.ph3

CVE-2022-22623

 

7.82.0-3.ph3

CVE-2022-22576

cyrus-sasl

2.1.26-17.ph3

CVE-2022-24407

expat

2.2.9-3.ph3

CVE-2022-22822

 

 

CVE-2022-22823

 

 

CVE-2022-22824

 

 

CVE-2022-22825

 

 

CVE-2022-22826

 

 

CVE-2022-22827

 

2.2.9-4.ph3

CVE-2021-45960

 

 

CVE-2021-46143

 

2.2.9-6.ph3

CVE-2022-23852

 

 

CVE-2022-23990

glibc

2.28-18.ph3

CVE-2022-23218

 

 

CVE-2022-23219

httpd

2.4.52-1.ph3

CVE-2021-44790

 

2.4.53-1.ph3

CVE-2022-22719

 

 

CVE-2022-22720

 

 

CVE-2022-22721

 

 

CVE-2022-23943

krb5

1.17-2.ph3

CVE-2020-28196

 

 

CVE-2021-36222

libxml2

2.9.11-6.ph3

CVE-2022-23308

linux

4.19.214-3.ph3

CVE-2021-3760

 

 

CVE-2021-41864

 

4.19.219-3.ph3

CVE-2020-36385

 

4.19.224-1.ph3

CVE-2021-39685

 

 

CVE-2021-39698

 

 

CVE-2021-39713

 

4.19.224-2.ph3

CVE-2022-23222

 

4.19.225-3.ph3

CVE-2022-0330

 

4.19.225-6.ph3

CVE-2022-0435

 

 

CVE-2022-0492

 

4.19.229-1.ph3

CVE-2022-1678

 

4.19.232-1.ph3

CVE-2022-0847

 

 

CVE-2022-27223

lua

5.3.5-3.ph3

CVE-2022-28805

nss

3.44-7.ph3

CVE-2021-43527

openssl

1.0.2zc-2.ph3

CVE-2022-0778

pkg-config

0.29.2-3.ph3

CVE-2020-35457

 

 

CVE-2021-27218

python

3.7.5-17.ph3

CVE-2022-0391

 

3.7.5-18.ph3

CVE-2021-3737

vim

8.2.3408-10.ph3

CVE-2021-4069

 

8.2.3408-12.ph3

CVE-2021-4136

 

8.2.3408-15.ph3

CVE-2021-4187

 

 

CVE-2021-4192

 

 

CVE-2022-0261

 

 

CVE-2022-0318

 

8.2.3408-16.ph3

CVE-2022-0128

 

8.2.3408-18.ph3

CVE-2021-4173

 

 

CVE-2022-0359

 

 

CVE-2022-0361

 

 

CVE-2022-0408

 

8.2.3408-19.ph3

CVE-2022-0392

 

 

CVE-2022-0407

 

 

CVE-2022-0413

 

 

CVE-2022-0443

 

8.2.3408-20.ph3

CVE-2022-0368

 

8.2.3408-22.ph3

CVE-2022-0554

 

 

CVE-2022-0629

 

 

CVE-2022-0685

 

 

CVE-2022-0729

 

8.2.3408-23.ph3

CVE-2022-0572

 

8.2.3408-25.ph3

CVE-2022-0417

 

8.2.3408-5.ph3

CVE-2021-3872

 

8.2.3408-7.ph3

CVE-2021-3973

 

 

CVE-2021-3974

 

8.2.3408-8.ph3

CVE-2021-3903

 

 

CVE-2021-3927

 

 

CVE-2021-3928

 

8.2.3408-9.ph3

CVE-2021-3984

 

 

CVE-2021-4019

 

8.2.4646-1.ph3

CVE-2022-0943

 

 

CVE-2022-1154

 

8.2.4647-1.ph3

CVE-2022-1160

 

8.2.4827-1.ph3

CVE-2022-1381

 

8.2.4925-1.ph3

CVE-2022-1616

 

 

CVE-2022-1619

 

 

CVE-2022-1620

 

 

CVE-2022-1621

 

 

CVE-2022-1629

zlib

1.2.11-2.ph3

CVE-2018-25032

check-circle-line exclamation-circle-line close-line
Scroll to top icon