This document tracks the release of 8.x patches to the Photon Operating System bundled in VMware vCenter Server.
You can download the deliverables from the Broadcom Support Portal. For download instructions, see Download Broadcom products and software.
To apply the Photon OS security patches to the vCenter Server Appliance, you can use one of the methods.
Deploy a new vCenter Server by using either the GUI or the CLI installer.
For information about doing a fresh install of the vCenter Server Appliance, see Deploying the vCenter Server Appliance.
Upgrade to the version of the vCenter Server Appliance containing the latest Photon OS security patches by using either the GUI or the CLI installer.
For information about upgrading the vCenter Server Appliance, see Upgrading the vCenter Server Appliance.
Patch the appliance either by using the appliance shell or the Appliance Management Interface.
IMPORTANT: You can update the vCenter Server Appliance with Photon OS patches released within one and the same Update release.
For information on patching the vCenter Server Appliance, see Patching and Updating vCenter Server 8.0 Deployments.
Perform a file-based backup and restore where in the restore process you deploy a new appliance containing the latest Photon OS security patches..
For information performing a file-based backup and restore of the vCenter Server Appliance, see Restore vCenter Server from a File-Based Backup.
Migrate a vCenter Server on Windows instance to a version of the vCenter Server Appliance containing the latest Photon OS security patches.
For information about performing a migration of vCenter Server on Windows to vCenter Server Appliance, see Migrating vCenter Server for Windows to vCenter Server Appliance.
| Release Date |
Build Number |
Patch Name |
Affect Package |
New Package Version |
CVEs Addressed |
| 17 September 2024 |
24262322 |
(Security fixes for Photon OS) |
ruby |
2.7.4-12 |
CVE-2024-27282 |
| zlib |
1.2.11-6.ph4 |
CVE-2023-45853 |
|||
| util-linux |
2.37.4-2.ph4 |
CVE-2024-28085 |
|||
| openssl |
3.0.14-2.ph4 |
CVE-2023-50782 |
|||
| CVE-2024-2511 |
|||||
| CVE-2024-4741 |
|||||
| CVE-2024-5535 |
|||||
| httpd |
2.4.62-1.ph4 |
CVE-2024-27316 |
|||
| CVE-2024-39573 |
|||||
| glibc |
2.32-19.ph4 |
CVE-2023-4911 |
|||
| CVE-2024-2961 |
|||||
| expat |
2.4.9-2.ph4 |
CVE-2023-52425 & CVE-2023-52426 |
|||
| CVE-2024-28757 |
|||||
| curl |
8.7.1-1.ph4 |
CVE-2024-2004,CVE-2024-2398 |
|||
| CVE-2023-46218,CVE-2023-46219 |
|||||
| linux |
5.10.219-3.ph4 |
CVE-2024-23307 and CVE-2024-22099 |
|||
| CVE-2024-26584 |
|||||
| CVE-2023-52447/2023-52458/2023-52482 |
|||||
| CVE-2024-26583, CVE-2024-26585, and CVE-2024-26589 |
|||||
| CVE-2023-52585 |
|||||
| CVE-2024-26642, CVE-2023-52620 |
|||||
| CVE-2024-26643 |
|||||
| CVE-2023-1192 |
|||||
| CVE-2024-36901 |
|||||
| CVE-2022-48666 |
|||||
| libxml2 |
2.9.12-14.ph4 |
CVE-2024-34459 |
| Release Date |
Build Number |
Patch Name |
Affect Package |
New Package Version |
CVEs Addressed |
| 29 February 2024 |
23319993 |
(Security fixes for Photon OS) |
apache-tomcat |
8.5.93-2.ph4 |
CVE-2023-34981 CVE-2023-28709 CVE-2023-28708 |
| bindutils |
9.16.42-4.ph4 |
CVE-2023-3341 CVE-2023-2829 CVE-2023-2828 CVE-2023-2911 |
|||
| c-ares |
1.19.1-1.ph4 |
CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-31124 |
|||
| curl |
8.1.2-6.ph4 |
CVE-2023-38545 CVE-2023-38546 CVE-2023-38039 |
|||
| glib |
2.68.4-1.ph4 |
CVE-2023-32643 |
|||
| grub2 |
2.06-11.ph4 |
CVE-2023-4692 CVE-2023-4693 CVE-2022-28736 CVE-2021-3697 CVE-2021-3695 CVE-2022-28734 |
|||
| httpd |
2.4.58-2.ph4 |
CVE-2023-31122 |
|||
| libcap |
2.43-3.ph4 |
CVE-2023-2602 CVE-2023-2603 |
|||
| libssh2 |
1.11.0-1.ph4 |
CVE-2020-22218 |
|||
| libuv |
1.45.0-1.ph4 |
CVE-2024-24806 |
|||
| libxml2 |
2.9.12-12.ph4 |
CVE-2023-45322 CVE-2023-39615 |
|||
| linux |
5.10.201-1.ph4 |
CVE-2023-4244 CVE-2023-42754 CVE-2023-42756 CVE-2023-42755 CVE-2023-42753 CVE-2023-22995 CVE-2023-2176 CVE-2023-2007 CVE-2023-4147 CVE-2023-4128 CVE-2023-0597 |
|||
| nss |
3.72-3.ph4 |
CVE-2022-36320 |
|||
| open-vm-tools |
12.3.5-1.ph4 |
CVE-2023-34058 CVE-2023-34059 CVE-2023-20900 CVE-2023-20867 |
|||
| openldap |
2.4.57-4.ph4 |
CVE-2023-2953 |
|||
| openssh |
8.9p1-4.ph4 |
CVE-2023-28531 CVE-2023-38408 |
|||
| openssl |
3.0.9-8.ph4 |
CVE-2023-5678 CVE-2023-5363 CVE-2023-4807 CVE-2023-3817 CVE-2023-3446 CVE-2023-2975 CVE-2023-0464 CVE-2023-0465 |
|||
| perl |
5.30.1-6.ph4 |
CVE-2023-31486 |
|||
| postgresql14 |
14.10-1.ph4 |
CVE-2023-2454 CVE-2023-2455 |
|||
| runc |
1.1.4-11.ph4 |
CVE-2023-25809 CVE-2023-27561 |
|||
| sqlite |
3.38.5-3.ph4 |
CVE-2023-36191 |
|||
| tcpdump |
4.99.4-1.ph4 |
CVE-2020-8036 |
|||
| vim |
9.0.2068-1.ph4 |
CVE-2023-46246 CVE-2023-3896 CVE-2023-2610 CVE-2023-2609 CVE-2023-2426 |
|||
| xinetd |
2.3.15-10.ph4 |
CVE-2013-4342 |
|||
| samba-client |
4.18.5-2.ph4 |
CVE-2018-10919 CVE-2023-0225 CVE-2023-0614 CVE-2023-0922 |
| Release Date |
Build Number |
Patch Name |
Affect Package |
New Package Version |
CVEs Addressed |
|---|---|---|---|---|---|
| 27 July 2023 |
22088981 |
vCenter Server 8.0 Update 1c (Security fixes for Photon OS) |
apache-tomcat |
8.5.86-1.ph3 |
CVE-2022-42252 |
| CVE-2022-45143 |
|||||
| bindutils |
9.16.38-1.ph3 |
CVE-2022-3736 |
|||
| containerd |
1.6.8-5.ph3 |
CVE-2023-25173 |
|||
| curl |
7.86.0-5.ph3 |
CVE-2022-43551 |
|||
| CVE-2023-23914 |
|||||
| CVE-2023-23916 |
|||||
| CVE-2023-27535 |
|||||
| CVE-2023-27536 |
|||||
| dmidecode |
3.5-1.ph3 |
CVE-2023-30630 |
|||
| dnsmasq |
2.85-4.ph3 |
CVE-2022-0934 |
|||
| e2fsprogs |
1.46.5-2.ph3 |
CVE-2022-1304 |
|||
| expat |
2.2.9-11.ph3 |
CVE-2022-43680 |
|||
| gnutls |
3.6.16-4.ph3 |
CVE-2023-0361 |
|||
| grub2 |
2.06-4.ph3 |
CVE-2022-2601 |
|||
| CVE-2022-28733 |
|||||
| httpd |
2.4.56-1.ph3 |
CVE-2006-20001 |
|||
| CVE-2022-36760 |
|||||
| CVE-2023-25690 |
|||||
| CVE-2023-27522 |
|||||
| krb5 |
1.17-4.ph3 |
CVE-2022-42898 |
|||
| libarchive |
3.3.3-9.ph3 |
CVE-2022-36227 |
|||
| libxml2 |
2.9.11-10.ph3 |
CVE-2022-40303 |
|||
| CVE-2022-40304 |
|||||
| linux |
4.19.283-1.ph3 |
CVE-2020-28374 |
|||
| CVE-2022-3643 |
|||||
| CVE-2022-42896 |
|||||
| CVE-2022-4378 |
|||||
| CVE-2023-0461 |
|||||
| CVE-2023-1281 |
|||||
| CVE-2023-26545 |
|||||
| CVE-2023-2002 |
|||||
| CVE-2023-32233 |
|||||
| CVE-2023-34256 |
|||||
| CVE-2023-23559 |
|||||
| nss |
3.44-10.ph3 |
CVE-2020-25648 |
|||
| CVE-2022-36320 |
|||||
| openssl |
1.0.2zg-1.ph3 |
CVE-2022-4450 |
|||
| CVE-2023-0215 |
|||||
| pkg-config |
0.29.2-4.ph3 |
CVE-2021-3800 |
|||
| python3 |
3.7.5-26.ph3 |
CVE-2020-10735 |
|||
| CVE-2022-37454 |
|||||
| CVE-2022-45061 |
|||||
| sudo |
1.9.5-5.ph3 |
CVE-2023-22809 |
|||
| tar |
1.30-6.ph3 |
CVE-2022-48303 |
|||
| vim |
8.2.5169-9.ph3 |
CVE-2022-47024 |
|||
| CVE-2023-0049 |
|||||
| CVE-2023-0051 |
|||||
| CVE-2023-0054 |
|||||
| CVE-2023-0433 |
|||||
| CVE-2023-2426 |
| Release Date |
Build Number |
Patch Name |
Affect Package |
New Package Version |
CVEs Addressed |
|---|---|---|---|---|---|
| 14 February 2023 |
21216066 |
vCenter Server 8.0b (Security fixes for Photon OS) |
apache-ant |
1.10.12-1.ph3 |
CVE-2020-11979 |
| CVE-2017-1000487 |
|||||
| CVE-2022-24839 |
|||||
| apache-tomcat |
8.5.78-2.ph3 |
CVE-2022-29885 |
|||
| c-ares |
1.16.1-2.ph3 |
CVE-2020-8277 |
|||
| cifs-utils |
6.8-4.ph3 |
CVE-2022-27239 |
|||
| containerd |
1.4.13-5.ph3 |
CVE-2022-23648 |
|||
| curl |
7.86.0-2.ph3 |
CVE-2022-32207 |
|||
| CVE-2022-22576 |
|||||
| CVE-2022-27782 |
|||||
| CVE-2022-27781 |
|||||
| CVE-2022-27775 |
|||||
| CVE-2021-22946 |
|||||
| CVE-2021-22926 |
|||||
| CVE-2020-8286 |
|||||
| CVE-2020-8285 |
|||||
| CVE-2022-42915 |
|||||
| CVE-2022-42916 |
|||||
| glibc |
2.28-22.ph3 |
CVE-2022-23219 |
|||
| CVE-2022-23218 |
|||||
| CVE-2021-33574 |
|||||
| CVE-2021-35942 |
|||||
| CVE-2021-3999 |
|||||
| CVE-2021-3998 |
|||||
| CVE-2021-43396 |
|||||
| CVE-2021-38604 |
|||||
| CVE-2021-3326 |
|||||
| libarchive |
3.3.3-8.ph3 |
CVE-2021-31566 |
|||
| CVE-2021-23177 |
|||||
| libtasn1 |
4.14-2.ph3 |
CVE-2021-46848 |
|||
| libxml2 |
2.9.11-8.ph3 |
CVE-2022-2309 |
|||
| libxslt |
1.1.34-1.ph3 |
CVE-2021-30560 |
|||
| linux |
4.19.264-6.ph3 |
CVE-2022-2977 |
|||
| CVE-2022-39842 |
|||||
| CVE-2022-2938 |
|||||
| CVE-2022-20368 |
|||||
| CVE-2022-2327 |
|||||
| CVE-2022-34918 |
|||||
| CVE-2022-32250 |
|||||
| CVE-2022-1786 |
|||||
| CVE-2022-29581 |
|||||
| CVE-2022-30594 |
|||||
| CVE-2022-1652 |
|||||
| CVE-2022-27666 |
|||||
| CVE-2022-1011 |
|||||
| CVE-2022-24958 |
|||||
| CVE-2021-4197 |
|||||
| CVE-2021-4037 |
|||||
| CVE-2022-36946 |
|||||
| nghttp2 |
1.41.0-2.ph3 |
CVE-2015-8659 |
|||
| CVE-2020-11080 |
|||||
| openldap |
2.4.57-3.ph3 |
CVE-2022-29155 |
|||
| openssl |
1.0.2ze-3.ph3 |
CVE-2022-2068 |
|||
| CVE-2022-1292 |
|||||
| CVE-2022-0778 |
|||||
| CVE-2021-23840 |
|||||
| pcre |
8.44-2.ph3 |
CVE-2019-20838 |
|||
| postgresql |
10.22-1.ph3 |
CVE-2022-2625 |
|||
| ruby |
2.5.8-4.ph3 |
CVE-2020-10663 |
|||
| CVE-2020-25613 |
|||||
| runc |
1.1.3-3.ph3 |
CVE-2022-29162 |
|||
| sysstat |
12.7.1-1.ph3 |
CVE-2022-39377 |
