ESXi 7.0 Update 1a | 04 NOV 2020 | ISO Build 17119627

Check for additions and updates to these release notes.

Earlier Releases of ESXi 7.0

Features, resolved and known issues of ESXi are described in the release notes for each release. Release notes for earlier releases of ESXi 7.0 are:

For internationalization, compatibility, and open source components, see the VMware vSphere 7.0 Release Notes.

Patches Contained in This Release

This release of ESXi 7.0 Update 1a delivers the following patches:

Build Details

Download Filename: VMware-ESXi-7.0U1a-17119627-depot
Build: 17119627
Download Size: 360.6 MB
md5sum: 37209643e5d483f70d82c39d3a0e02c8
sha1checksum: 19efc144e0bccef65e3e27f815502bfb73a05782
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes

Components

| Component | Bulletin | Category | Severity |
|---|---|---|---|
| ESXi | ESXi_7.0.1-0.10.17119627 | Security | Critical |
| ESXi Install/Upgrade Component | esx-update_7.0.1-0.10.17119627 | Security | Critical |

IMPORTANT:

  • Starting with vSphere 7.0, VMware uses components for packaging VIBs along with bulletins. The ESXi and esx-update bulletins are dependent on each other. Always include both in a single ESXi host patch baseline or include the rollup bulletin in the baseline to avoid failure during host patching.
  • When patching ESXi hosts from a version prior to ESXi 7.0 Update 1 by using the VMware Update Manager, it is strongly recommended to use the rollup bulletin in the patch baseline. If you cannot use the rollup bulletin, be sure to include all of the following packages in the patching baseline. If the following packages are not included in the baseline, the update operation fails:

    • VMware-vmkusb_0.1-1vmw.701.0.0.16850804 or higher
    • VMware-vmkata_0.1-1vmw.701.0.0.16850804 or higher
    • VMware-vmkfcoe_1.0.0.2-1vmw.701.0.0.16850804 or higher
    • VMware-NVMeoF-RDMA_1.0.1.2-1vmw.701.0.0.16850804 or higher

Rollup Bulletin

This rollup bulletin contains the latest VIBs with all the fixes after the initial release of ESXi 7.0.

| Bulletin ID | Category | Severity |
|---|---|---|
| ESXi70U1a-17119627 | Security | Critical |

Image Profiles

VMware patch and update releases contain general and critical image profiles. The general release image profile applies to new bug fixes.

Image Profile Name
ESXi-7.0U1a-17119627-standard
ESXi-7.0U1a-17119627-no-tools

ESXi Image

| Name and Version | Release Date | Category | Detail |
|---|---|---|---|
| ESXi 7.0 U1a - 17119627 | 11/04/2020 | Enhancement | Security and Bugfix image |

For information about the individual components and bulletins, see the Product Patches page and the Resolved Issues section.

Patch Download and Installation

In vSphere 7.x, the Update Manager plug-in, used for administering vSphere Update Manager, is replaced with the Lifecycle Manager plug-in. Administrative operations for vSphere Update Manager are still available under the Lifecycle Manager plug-in, along with new capabilities for vSphere Lifecycle Manager.
The typical way to apply patches to ESXi 7.x hosts is by using the vSphere Lifecycle Manager. For details, see About vSphere Lifecycle Manager and vSphere Lifecycle Manager Baselines and Images.
You can also update ESXi hosts without using the Lifecycle Manager plug-in, and use an image profile instead. To do this, you must manually download the patch offline bundle ZIP file from the VMware download page or the Product Patches page and use the esxcli software profile command.
For more information, see the Upgrading Hosts by Using ESXCLI Commands and the VMware ESXi Upgrade guide.
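
A post-patch check, added here as an example and not part of VMware's release notes: it compares a VIB listing, such as the output of esxcli software vib list, with the VIB versions these notes list for the ESXi and esx-update bulletins. The variable and function names are hypothetical, the sample listing is constructed, and the comparison assumes the last numeric field of a VIB version is a build number that only increases.

```sh
#!/bin/sh
# Added example (not VMware code). VIB names and versions are copied from the
# bulletin lists in these release notes; everything else is an assumption.
PATCHED_VERSION='7.0.1-0.10.17119627'
ESX_UI_VERSION='1.34.4-16668064'
PATCHED_VIBS='vdfs esx-base native-misc-drivers esx-xserver crx esx-dvfilter-generic-fastpath cpu-microcode vsan gc vsanhealth loadesx esx-update'

# Reads a VIB listing (name in column 1, version in column 2) on stdin.
# Prints one status line per listed VIB and returns 0 only if every one is
# installed at or above the build given in the release notes.
check_vibs() {
    awk -v names="$PATCHED_VIBS" -v ver="$PATCHED_VERSION" -v ui="$ESX_UI_VERSION" '
        # Build number = last field of the version when split on "." and "-".
        function build(v,    a, n) { n = split(v, a, /[.-]/); return a[n] + 0 }
        BEGIN {
            n = split(names, order, " ")
            for (i = 1; i <= n; i++) want[order[i]] = ver
            order[++n] = "esx-ui"; want["esx-ui"] = ui
        }
        ($1 in want) { have[$1] = $2 }   # data rows only; header lines never match
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (!(name in have)) { print "ABSENT   " name; bad = 1 }
                else if (build(have[name]) < build(want[name])) {
                    print "OUTDATED " name " " have[name] " (listed: " want[name] ")"; bad = 1
                } else print "OK       " name " " have[name]
            }
            exit bad
        }'
}

# Constructed sample: a listing in which every checked VIB has version $1
# (esx-ui keeps the version listed in the notes).
sample_vib_list() {
    echo 'Name  Version  Vendor  Acceptance Level  Install Date'
    for v in $PATCHED_VIBS; do
        echo "$v  $1  VMware  VMwareCertified  2020-11-05"
    done
    echo "esx-ui  $ESX_UI_VERSION  VMware  VMwareCertified  2020-11-05"
}

# Constructed input carrying the earlier build 16850804: reported as outdated.
sample_vib_list 7.0.1-0.0.16850804 | check_vibs ||
    echo 'Host is below the ESXi 7.0 Update 1a VIB levels.'
```

On a host, the real listing is piped into the same function: esxcli software vib list | check_vibs.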

Resolved Issues

The resolved issues are grouped as follows.

ESXi_7.0.1-0.10.17119627
Patch Category: Security
Patch Severity: Critical
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes
Affected Hardware: N/A
Affected Software: N/A
VIBs Included:
  • VMware_bootbank_vdfs_7.0.1-0.10.17119627
  • VMware_bootbank_esx-base_7.0.1-0.10.17119627
  • VMware_bootbank_native-misc-drivers_7.0.1-0.10.17119627
  • VMware_bootbank_esx-xserver_7.0.1-0.10.17119627
  • VMware_bootbank_crx_7.0.1-0.10.17119627
  • VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.1-0.10.17119627
  • VMware_bootbank_cpu-microcode_7.0.1-0.10.17119627
  • VMware_bootbank_vsan_7.0.1-0.10.17119627
  • VMware_bootbank_gc_7.0.1-0.10.17119627
  • VMware_bootbank_esx-ui_1.34.4-16668064
  • VMware_bootbank_vsanhealth_7.0.1-0.10.17119627
PRs Fixed: N/A
CVE numbers: CVE-2020-3992

The ESXi and esx-update bulletins are dependent on each other. Always include both in a single ESXi host patch baseline or include the rollup bulletin in the baseline to avoid failure during host patching.

This patch updates the vdfs, esx-base, native-misc-drivers, esx-xserver, crx, esx-dvfilter-generic-fastpath, cpu-microcode, vsan, gc, esx-ui, and vsanhealth VIBs to resolve the following issue:

  • OpenSLP as used in ESXi has a use-after-free issue. This issue might allow a malicious actor with network access to port 427 on an ESXi host to trigger a use-after-free in the OpenSLP service resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3992 to this issue. For more information, see VMware Security Advisory VMSA-2020-0023.1.

esx-update_7.0.1-0.10.17119627
Patch Category: Security
Patch Severity: Critical
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes
Affected Hardware: N/A
Affected Software: N/A
VIBs Included:
  • VMware_bootbank_loadesx_7.0.1-0.10.17119627
  • VMware_bootbank_esx-update_7.0.1-0.10.17119627
PRs Fixed: N/A
CVE numbers: CVE-2020-3992

The ESXi and esx-update bulletins are dependent on each other. Always include both in a single ESXi host patch baseline or include the rollup bulletin in the baseline to avoid failure during host patching.

Updates the loadesx and esx-update VIBs to resolve the following issue:

  • OpenSLP as used in ESXi has a use-after-free issue. This issue might allow a malicious actor with network access to port 427 on an ESXi host to trigger a use-after-free in the OpenSLP service resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3992 to this issue. For more information, see VMware Security Advisory VMSA-2020-0023.1.

ESXi-7.0U1a-17119627-standard
Profile Name: ESXi-7.0U1a-17119627-standard
Build: For build information, see Patches Contained in this Release.
Vendor: VMware, Inc.
Release Date: November 4, 2020
Acceptance Level: PartnerSupported
Affected Hardware: N/A
Affected Software: N/A
Affected VIBs:
  • VMware_bootbank_vdfs_7.0.1-0.10.17119627
  • VMware_bootbank_esx-base_7.0.1-0.10.17119627
  • VMware_bootbank_native-misc-drivers_7.0.1-0.10.17119627
  • VMware_bootbank_esx-xserver_7.0.1-0.10.17119627
  • VMware_bootbank_crx_7.0.1-0.10.17119627
  • VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.1-0.10.17119627
  • VMware_bootbank_cpu-microcode_7.0.1-0.10.17119627
  • VMware_bootbank_vsan_7.0.1-0.10.17119627
  • VMware_bootbank_gc_7.0.1-0.10.17119627
  • VMware_bootbank_esx-ui_1.34.4-16668064
  • VMware_bootbank_vsanhealth_7.0.1-0.10.17119627
  • VMware_bootbank_loadesx_7.0.1-0.10.17119627
  • VMware_bootbank_esx-update_7.0.1-0.10.17119627
PRs Fixed: N/A
Related CVE numbers: CVE-2020-3992

This patch resolves the following issue:

  • OpenSLP as used in ESXi has a use-after-free issue. This issue might allow a malicious actor with network access to port 427 on an ESXi host to trigger a use-after-free in the OpenSLP service resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3992 to this issue. For more information, see VMware Security Advisory VMSA-2020-0023.1.

ESXi-7.0U1a-17119627-no-tools
Profile Name: ESXi-7.0U1a-17119627-no-tools
Build: For build information, see Patches Contained in this Release.
Vendor: VMware, Inc.
Release Date: November 4, 2020
Acceptance Level: PartnerSupported
Affected Hardware: N/A
Affected Software: N/A
Affected VIBs:
  • VMware_bootbank_vdfs_7.0.1-0.10.17119627
  • VMware_bootbank_esx-base_7.0.1-0.10.17119627
  • VMware_bootbank_native-misc-drivers_7.0.1-0.10.17119627
  • VMware_bootbank_esx-xserver_7.0.1-0.10.17119627
  • VMware_bootbank_crx_7.0.1-0.10.17119627
  • VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.1-0.10.17119627
  • VMware_bootbank_cpu-microcode_7.0.1-0.10.17119627
  • VMware_bootbank_vsan_7.0.1-0.10.17119627
  • VMware_bootbank_gc_7.0.1-0.10.17119627
  • VMware_bootbank_esx-ui_1.34.4-16668064
  • VMware_bootbank_vsanhealth_7.0.1-0.10.17119627
  • VMware_bootbank_loadesx_7.0.1-0.10.17119627
  • VMware_bootbank_esx-update_7.0.1-0.10.17119627
PRs Fixed: N/A
Related CVE numbers: CVE-2020-3992

This patch resolves the following issue:

  • OpenSLP as used in ESXi has a use-after-free issue. This issue might allow a malicious actor with network access to port 427 on an ESXi host to trigger a use-after-free in the OpenSLP service resulting in remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3992 to this issue. For more information, see VMware Security Advisory VMSA-2020-0023.1.

ESXi Image - 7.0U1a – 17119627
Name: ESXi
Version: 7.0.1-0.10.17119627
Release Date: November 4, 2020
Category: Security
Affected Components:
  • VMware_bootbank_vdfs_7.0.1-0.10.17119627
  • VMware_bootbank_esx-base_7.0.1-0.10.17119627
  • VMware_bootbank_native-misc-drivers_7.0.1-0.10.17119627
  • VMware_bootbank_esx-xserver_7.0.1-0.10.17119627
  • VMware_bootbank_crx_7.0.1-0.10.17119627
  • VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.1-0.10.17119627
  • VMware_bootbank_cpu-microcode_7.0.1-0.10.17119627
  • VMware_bootbank_vsan_7.0.1-0.10.17119627
  • VMware_bootbank_gc_7.0.1-0.10.17119627
  • VMware_bootbank_esx-ui_1.34.4-16668064
  • VMware_bootbank_vsanhealth_7.0.1-0.10.17119627
  • VMware_bootbank_loadesx_7.0.1-0.10.17119627
  • VMware_bootbank_esx-update_7.0.1-0.10.17119627
PRs Fixed: N/A
Related CVE numbers: CVE-2020-3992

 

    Known Issues from Earlier Releases

    To view a list of previous known issues, click here.
