This document tracks the release of 7.0.x patches to the Photon Operating System bundled in VMware vCenter Server.
You can download the deliverables from the VMware Patch Download Center.
Installation Steps
To apply the Photon OS security patches to the vCenter Server Appliance, you can use one of the methods.
- Deploy a new vCenter Server Appliance by using either the GUI or the CLI installer.
For information about doing a fresh install of the vCenter Server Appliance, see Deploying the vCenter Server Appliance and Platform Services Controller Appliance.
- Upgrade to the version of the vCenter Server Appliance containing the latest Photon OS security patches by using either the GUI or the CLI installer.
For information about upgrading the vCenter Server Appliance, see Upgrading the vCenter Server Appliance.
- Patch the appliance either by using the appliance shell or the Appliance Management Interface.
IMPORTANT: You can update the vCenter Server Appliance with Photon OS patches released within one and the same Update release.
Currently, you can patch the appliance with Photon OS patches only if you have updated vCenter to 7.0 Update 3 and later.
If you try to update the vCenter Server Appliance directly from an unsupported base version of 7.0 to the current Photon OS patch version, by using the vCenter Server Appliance Management Interface, you see a message No applicable update found. This is expected. You must first update the vCenter Server Appliance to version 7.0 Update 3 and then apply the selected Photon OS patch to the appliance.
For information on patching the vCenter Server Appliance, see Patching vCenter Server.
-
Perform a file-based backup and restore where in the restore process you deploy a new appliance containing the latest Photon OS security patches..
For information performing a file-based backup and restore of the vCenter Server Appliance, see Restore vCenter Server from a File-Based Backup.
- Migrate a vCenter Server on Windows instance to a version of the vCenter Server Appliance containing the latest Photon OS security patches.
For information about performing a migration of vCenter Server on Windows to vCenter Server Appliance, see Migrating vCenter Server for Windows to vCenter Server Appliance.
vCenter Server Appliance Photon OS Security Patches
vSphere 7.0 Update 2
| Release Date |
Build Number |
Patch Name |
Affected Package |
New Package Versions |
CVEs Addressed |
|---|---|---|---|---|---|
| 24 August 2021 |
18356314 |
vCenter Server 7.0 Update 2c |
apache-tomcat |
8.5.60-2.ph3 |
CVE-2021-25122 |
| CVE-2021-25329 |
|||||
| atftp |
0.7.2-2.ph3 |
CVE-2020-6097 |
|||
| bindutils |
9.16.6-2.ph3 |
CVE-2020-8625 |
|||
| c-ares |
1.16.1-1.ph3 |
CVE-2020-8277 |
|||
| containerd |
1.4.4-1.ph3 |
CVE-2021-21334 |
|||
| dnsmasq |
2.82-2.ph3 |
CVE-2020-25681 |
|||
| CVE-2020-25682 |
|||||
| glib |
2.58.0-7.ph3 |
CVE-2021-27218 |
|||
| CVE-2021-27219 |
|||||
| glibc |
2.28-12.ph3 |
CVE-2021-3326 |
|||
| gnutls |
3.6.15-3.ph3 |
CVE-2021-20231 |
|||
| grub2 |
2.06~rc1-1.ph3 |
CVE-2021-20232 |
|||
| CVE-2020-14372 |
|||||
| CVE-2020-25632 |
|||||
| CVE-2020-25647 |
|||||
| CVE-2020-27749 |
|||||
| CVE-2020-27779 |
|||||
| CVE-2021-20225 |
|||||
| CVE-2021-20233 |
|||||
| CVE-2021-3418 |
|||||
| linux |
4.19.186-3.ph3 |
CVE-2020-29569 |
|||
| CVE-2020-29661 |
|||||
| CVE-2021-3347 |
|||||
| CVE-2021-26930 |
|||||
| CVE-2021-27365 |
|||||
| CVE-2021-28660 |
|||||
| CVE-2021-28972 |
|||||
| nettle |
3.7.2-1.ph3 |
CVE-2021-20305 |
|||
| nss |
3.44-6.ph3 |
CVE-2020-12403 |
|||
| openldap |
2.4.57-2.ph3 |
CVE-2020-36221 |
|||
| CVE-2020-36222 |
|||||
| CVE-2020-36223 |
|||||
| CVE-2020-36224 |
|||||
| CVE-2020-36225 |
|||||
| CVE-2020-36226 |
|||||
| CVE-2020-36227 |
|||||
| CVE-2020-36228 |
|||||
| CVE-2020-36229 |
|||||
| CVE-2020-36230 |
|||||
| CVE-2021-27212 |
|||||
| openssl |
1.0.2y-1.ph3 |
CVE-2021-23839 |
|||
| CVE-2021-23840 |
|||||
| runc |
1.0.0.rc93-2.ph3 |
CVE-2021-30465 |
|||
| sudo |
1.9.5-3.ph3 |
CVE-2021-23240 |
|||
| CVE-2021-3156 |
vSphere 7.0 Update 3
- vCenter Server 7.0 Update 3d
- vCenter Server 7.0 Update 3f
- vCenter Server 7.0 Update 3i
- vCenter Server 7.0 Update 3l
- vCenter Server 7.0 Update 3o
vCenter Server 7.0 Update 3d
| Release Date |
Build Number |
Patch Name |
Affected Package |
New Package Versions |
CVEs Addressed |
|---|---|---|---|---|---|
| 29 March 2022 |
19480866 |
vCenter Server 7.0 Update 3d |
c-ares |
1.16.1-2.ph3 |
CVE-2021-3672 |
| vim |
8.2.3408-4.ph3 |
CVE-2021-3770 |
|||
| httpd |
2.4.51-1.ph3 |
CVE-2021-33193 |
|||
| apache-tomcat |
8.5.60-4.ph3 |
CVE-2021-41079 |
|||
| openssh |
7.8p1-10.ph3 |
CVE-2021-41617 |
|||
| nettle |
3.7.2-2.ph3 |
CVE-2021-3580 |
|||
| cpio |
2.13-4.ph3 |
CVE-2021-38185 |
|||
| util-linux |
2.32.1-4.ph3 |
CVE-2021-37600 |
|||
| linux |
4.19.208-1.ph3 |
CVE-2020-3702 |
|||
| ncurses |
6.1-3.ph3 |
CVE-2021-39537 |
|||
| glibc |
2.28-17.ph3 |
CVE-2021-35942 |
|||
| atftp |
0.7.5-1.ph3 |
CVE-2021-41054 |
vCenter Server 7.0 Update 3f
| Release Date |
Build Number |
Patch Name |
Affected Package |
New Package Versions |
CVEs Addressed |
|---|---|---|---|---|---|
| 12 July 22 |
20051473 |
apache-tomcat |
8.5.72-1.ph3 |
CVE-2021-42340 |
|
| bindutils |
9.16.27-1.ph3 |
CVE-2021-25220 |
|||
| containerd |
1.4.12-1.ph3 |
CVE-2022-23648 |
|||
| curl |
7.82.0-1.ph3 |
CVE-2022-22623 |
|||
|
|
7.82.0-3.ph3 |
CVE-2022-22576 |
|||
| cyrus-sasl |
2.1.26-17.ph3 |
CVE-2022-24407 |
|||
| expat |
2.2.9-3.ph3 |
CVE-2022-22822 |
|||
|
|
|
CVE-2022-22823 |
|||
|
|
|
CVE-2022-22824 |
|||
|
|
|
CVE-2022-22825 |
|||
|
|
|
CVE-2022-22826 |
|||
|
|
|
CVE-2022-22827 |
|||
|
|
2.2.9-4.ph3 |
CVE-2021-45960 |
|||
|
|
|
CVE-2021-46143 |
|||
|
|
2.2.9-6.ph3 |
CVE-2022-23852 |
|||
|
|
|
CVE-2022-23990 |
|||
| glibc |
2.28-18.ph3 |
CVE-2022-23218 |
|||
|
|
|
CVE-2022-23219 |
|||
| httpd |
2.4.52-1.ph3 |
CVE-2021-44790 |
|||
|
|
2.4.53-1.ph3 |
CVE-2022-22719 |
|||
|
|
|
CVE-2022-22720 |
|||
|
|
|
CVE-2022-22721 |
|||
|
|
|
CVE-2022-23943 |
|||
| krb5 |
1.17-2.ph3 |
CVE-2020-28196 |
|||
|
|
|
CVE-2021-36222 |
|||
| libxml2 |
2.9.11-6.ph3 |
CVE-2022-23308 |
|||
| linux |
4.19.214-3.ph3 |
CVE-2021-3760 |
|||
|
|
|
CVE-2021-41864 |
|||
|
|
4.19.219-3.ph3 |
CVE-2020-36385 |
|||
|
|
4.19.224-1.ph3 |
CVE-2021-39685 |
|||
|
|
|
CVE-2021-39698 |
|||
|
|
|
CVE-2021-39713 |
|||
|
|
4.19.224-2.ph3 |
CVE-2022-23222 |
|||
|
|
4.19.225-3.ph3 |
CVE-2022-0330 |
|||
|
|
4.19.225-6.ph3 |
CVE-2022-0435 |
|||
|
|
|
CVE-2022-0492 |
|||
|
|
4.19.229-1.ph3 |
CVE-2022-1678 |
|||
|
|
4.19.232-1.ph3 |
CVE-2022-0847 |
|||
|
|
|
CVE-2022-27223 |
|||
| lua |
5.3.5-3.ph3 |
CVE-2022-28805 |
|||
| nss |
3.44-7.ph3 |
CVE-2021-43527 |
|||
| openssl |
1.0.2zc-2.ph3 |
CVE-2022-0778 |
|||
| pkg-config |
0.29.2-3.ph3 |
CVE-2020-35457 |
|||
|
|
|
CVE-2021-27218 |
|||
| python |
3.7.5-17.ph3 |
CVE-2022-0391 |
|||
|
|
3.7.5-18.ph3 |
CVE-2021-3737 |
|||
| vim |
8.2.3408-10.ph3 |
CVE-2021-4069 |
|||
|
|
8.2.3408-12.ph3 |
CVE-2021-4136 |
|||
|
|
8.2.3408-15.ph3 |
CVE-2021-4187 |
|||
|
|
|
CVE-2021-4192 |
|||
|
|
|
CVE-2022-0261 |
|||
|
|
|
CVE-2022-0318 |
|||
|
|
8.2.3408-16.ph3 |
CVE-2022-0128 |
|||
|
|
8.2.3408-18.ph3 |
CVE-2021-4173 |
|||
|
|
|
CVE-2022-0359 |
|||
|
|
|
CVE-2022-0361 |
|||
|
|
|
CVE-2022-0408 |
|||
|
|
8.2.3408-19.ph3 |
CVE-2022-0392 |
|||
|
|
|
CVE-2022-0407 |
|||
|
|
|
CVE-2022-0413 |
|||
|
|
|
CVE-2022-0443 |
|||
|
|
8.2.3408-20.ph3 |
CVE-2022-0368 |
|||
|
|
8.2.3408-22.ph3 |
CVE-2022-0554 |
|||
|
|
|
CVE-2022-0629 |
|||
|
|
|
CVE-2022-0685 |
|||
|
|
|
CVE-2022-0729 |
|||
|
|
8.2.3408-23.ph3 |
CVE-2022-0572 |
|||
|
|
8.2.3408-25.ph3 |
CVE-2022-0417 |
|||
|
|
8.2.3408-5.ph3 |
CVE-2021-3872 |
|||
|
|
8.2.3408-7.ph3 |
CVE-2021-3973 |
|||
|
|
|
CVE-2021-3974 |
|||
|
|
8.2.3408-8.ph3 |
CVE-2021-3903 |
|||
|
|
|
CVE-2021-3927 |
|||
|
|
|
CVE-2021-3928 |
|||
|
|
8.2.3408-9.ph3 |
CVE-2021-3984 |
|||
|
|
|
CVE-2021-4019 |
|||
|
|
8.2.4646-1.ph3 |
CVE-2022-0943 |
|||
|
|
|
CVE-2022-1154 |
|||
|
|
8.2.4647-1.ph3 |
CVE-2022-1160 |
|||
|
|
8.2.4827-1.ph3 |
CVE-2022-1381 |
|||
|
|
8.2.4925-1.ph3 |
CVE-2022-1616 |
|||
|
|
|
CVE-2022-1619 |
|||
|
|
|
CVE-2022-1620 |
|||
|
|
|
CVE-2022-1621 |
|||
|
|
|
CVE-2022-1629 |
|||
| zlib |
1.2.11-2.ph3 |
CVE-2018-25032 |
vCenter Server 7.0 Update 3i
| Release Date |
Build Number |
Patch Name |
Affected Package |
New Package Versions |
CVEs Addressed |
|---|---|---|---|---|---|
| 08 December 2022 |
20845200 |
vCenter Server 7.0 Update 3i |
bindutils |
9.16.33-1.ph3 |
CVE-2022-2795 |
| CVE-2022-3080 |
|||||
| CVE-2022-38177 |
|||||
| CVE-2022-38178 |
|||||
| cifs-utils |
6.8-4.ph3 |
CVE-2022-27239 |
|||
| curl |
curl-7.83.1-3.ph3 |
CVE-2022-27775 |
|||
| CVE-2022-27780 |
|||||
| CVE-2022-27781 |
|||||
| CVE-2022-27782 |
|||||
| expat |
2.2.9-10.ph3 |
CVE-2022-40674 |
|||
| 2.2.9-8.ph3 |
CVE-2022-25314 |
||||
| CVE-2022-25315 |
|||||
| glib |
2.58.0-9.ph3 |
CVE-2021-3800 |
|||
| glibc |
2.28-22.ph3 |
CVE-2021-3999 |
|||
| gnutls |
3.6.16-3.ph3 |
CVE-2022-2509 |
|||
| httpd |
2.4.54-1.ph3 |
CVE-2022-26377 |
|||
| CVE-2022-28615 |
|||||
| CVE-2022-29404 |
|||||
| CVE-2022-30522 |
|||||
| CVE-2022-30556 |
|||||
| CVE-2022-31813 |
|||||
| libarchive |
3.3.3-8.ph3 |
CVE-2021-23177 |
|||
| CVE-2021-31566 |
|||||
| libtirpc |
1.1.4-2.ph3 |
CVE-2021-46828 |
|||
| libxml2 |
2.9.11-8.ph3 |
CVE-2022-2309 |
|||
| libxslt |
1.1.34-1.ph3 |
CVE-2021-30560 |
|||
| linux |
4.19.241-1.ph3 |
CVE-2022-1055 |
|||
| CVE-2022-28356 |
|||||
| 4.19.245-1.ph3 |
CVE-2022-29581 |
||||
| 4.19.247-2.ph3 |
CVE-2022-1966 |
||||
| CVE-2022-32250 |
|||||
| CVE-2022-32981 |
|||||
| 4.19.256-1.ph3 |
CVE-2021-33656 |
||||
| CVE-2022-36946 |
|||||
| lua |
5.3.5-4.ph3 |
CVE-2022-33099 |
|||
| lz4 |
1.9.2-1.ph3 |
CVE-2019-17543 |
|||
| 1.9.3-2.ph3 |
CVE-2021-3520 |
||||
| openldap |
2.4.57-3.ph3 |
CVE-2022-29155 |
|||
| openssl |
openssl-1.0.2ze-3.ph3 |
CVE-2022-1292 |
|||
| CVE-2022-2068 |
|||||
| postgresql |
10.22-1.ph3 |
CVE-2022-2625 |
|||
| python |
3.7.5-21.ph3 |
CVE-2015-20107 |
|||
| runc |
1.1.3-3.ph3 |
CVE-2022-29162 |
|||
| systemd |
239-44.ph3 |
CVE-2022-2526 |
|||
| vim |
vim-8.2.5169-1.ph3 |
CVE-2022-1733 |
|||
| CVE-2022-1735 |
|||||
| CVE-2022-1769 |
|||||
| CVE-2022-1785 |
|||||
| CVE-2022-1796 |
|||||
| CVE-2022-1851 |
|||||
| CVE-2022-1886 |
|||||
| CVE-2022-1898 |
|||||
| CVE-2022-1927 |
|||||
| CVE-2022-1942 |
|||||
| CVE-2022-2124 |
|||||
| CVE-2022-2125 |
|||||
| CVE-2022-2126 |
|||||
| CVE-2022-2129 |
|||||
| CVE-2022-2175 |
|||||
| CVE-2022-2182 |
|||||
| CVE-2022-2183 |
|||||
| CVE-2022-2206 |
|||||
| CVE-2022-2207 |
|||||
| CVE-2022-2210 |
|||||
| zlib |
1.2.11-3.ph3 |
CVE-2022-37434 |
vCenter Server 7.0 Update 3l
| Release Date | Build Number | Patch Name | Affect Package | New Package Version | CVEs Addressed |
|---|---|---|---|---|---|
| 30 March 2023 |
21477706
|
vCenter Server 7.0 Update 3l |
apache-ant | 1.10.12-1.ph3 | CVE-2017-1000487 CVE-2022-24839 |
| binutils | 2.32-7.ph3 | CVE-2021-45078 CVE-2021-37322 CVE-2018-1000876 |
|||
| curl | 7.86.0-3.ph3 | CVE-2022-32207 CVE-2022-22576 CVE-2022-27782 CVE-2022-27781 CVE-2022-27775 CVE-2021-22946 CVE-2021-22926 CVE-2020-8286 CVE-2020-8285 |
|||
| grub2 | 2.06-4.ph3 | CVE-2022-2601 | |||
| linux | 4.19.269-3.ph3 | CVE-2022-3649 CVE-2022-3643 CVE-2022-42896 CVE-2022-20568 CVE-2022-2327 |
|||
| pcre | 8.44-2.ph3 | CVE-2019-20838 | |||
| ruby | 2.5.8-4.ph3 | CVE-2020-25613 CVE-2020-10663 |
|||
| samba-client | 4.14.14-1.ph3 | CVE-2021-23192 CVE-2022-2031 CVE-2022-32744 CVE-2022-32745 |
vCenter Server 7.0 Update 3o
| Release Date |
Build Number |
Patch Name |
Affect Package |
New Package Version |
CVEs Addressed |
|---|---|---|---|---|---|
| 28 September 2023 |
22357613 |
vCenter Server 7.0 Update 3o |
gnutls |
3.6.16-4.ph3 |
CVE-2023-0361 |
| vim |
8.2.5169-5.ph3 |
CVE-2022-47024 |
|||
| CVE-2023-0049 |
|||||
| CVE-2023-0051 |
|||||
| CVE-2023-0054 |
|||||
| CVE-2023-0433 |
|||||
| httpd |
2.4.56-1.ph3 |
CVE-2006-20001 |
|||
| CVE-2022-36760 |
|||||
| CVE-2023-25690 |
|||||
| CVE-2023-27522 |
|||||
| apache-tomcat |
8.5.84-2.ph3 |
CVE-2022-42252 |
|||
| CVE-2022-45143 |
|||||
| libtasn1 |
4.14-2.ph3 |
CVE-2021-46848 |
|||
| krb5 |
1.17-4.ph3 |
CVE-2022-42898 |
|||
| tar |
1.30-6.ph3 |
CVE-2022-48303 |
|||
| sudo |
1.9.5-5.ph3 |
CVE-2023-22809 |
|||
| nss |
3.44-9.ph3 |
CVE-2019-17006 |
|||
| CVE-2020-25648 |
|||||
| bindutils |
9.16.38-1.ph3 |
CVE-2022-3736 |
|||
| openssl |
1.0.2zg-1.ph3 |
CVE-2022-4450 |
|||
| CVE-2023-0215 |
|||||
| libarchive |
3.3.3-9.ph3 |
CVE-2022-36227 |
|||
| sysstat |
12.7.1-1.ph3 |
CVE-2022-39377 |
|||
| linux |
4.19.277-4.ph3 |
CVE-2023-1281 |
|||
| CVE-2023-26545 |
|||||
| CVE-2023-23559 |
|||||
| containerd |
1.6.8-3.ph3 |
CVE-2023-25173 |
|||
| libxml2 |
2.9.11-9.ph3 |
CVE-2022-40303 |
|||
| CVE-2022-40304 |
|||||
| expat |
2.2.9-11.ph3 |
CVE-2020-10735 |
|||
| python3 |
3.7.5-26.ph3 |
CVE-2020-10735 |
|||
| CVE-2022-37454 |
|||||
| CVE-2022-45061 |
|||||
| dnsmasq |
2.85-3.ph3 |
CVE-2022-0934 |
|||
| pkg-config |
0.29.2-4.ph3 |
CVE-2021-3800 |
|||
| curl |
7.86.0-5.ph3 |
CVE-2023-23914 |
|||
| CVE-2023-23916 |
|||||
| CVE-2023-27535 |
|||||
| CVE-2023-27536 |
|||||
| e2fsprogs |
1.46.5-2.ph3 |
CVE-2022-1304 |
