This document tracks the release of 8.x patches to the Photon Operating System bundled in VMware vCenter Server.

You can download the deliverables from the Broadcom Support Portal. For download instructions, see Download Broadcom products and software.

Installation Steps

To apply the Photon OS security patches to the vCenter Server Appliance, you can use one of the methods.

  • Deploy a new vCenter Server by using either the GUI or the CLI installer.

    For information about doing a fresh install of the vCenter Server Appliance, see Deploying the vCenter Server Appliance.

  • Upgrade to the version of the vCenter Server Appliance containing the latest Photon OS security patches by using either the GUI or the CLI installer.

    For information about upgrading the vCenter Server Appliance, see Upgrading the vCenter Server Appliance.

  • Patch the appliance either by using the appliance shell or the Appliance Management Interface.

    IMPORTANT: You can update the vCenter Server Appliance with Photon OS patches released within one and the same Update release. 

    For information on patching the vCenter Server Appliance, see Patching and Updating vCenter Server 8.0 Deployments.

  • Perform a file-based backup and restore where in the restore process you deploy a new appliance containing the latest Photon OS security patches..

    For information performing a file-based backup and restore of the vCenter Server Appliance, see Restore vCenter Server from a File-Based Backup.

  • Migrate a vCenter Server on Windows instance to a version of the vCenter Server Appliance containing the latest Photon OS security patches.

    For information about performing a migration of vCenter Server on Windows to vCenter Server Appliance, see Migrating vCenter Server for Windows to vCenter Server Appliance.

vCenter Server 8.0 Photon OS Security Patches

vCenter Server 8.0 Update 3b

  • Release Date

    Build Number

    Patch Name

    Affect Package

    New Package Version

    CVEs Addressed

    17 September 2024

    24262322

    vCenter Server 8.0 Update 3b

    (Security fixes for Photon OS)

    ruby

    2.7.4-12

    CVE-2024-27282

    zlib

    1.2.11-6.ph4

    CVE-2023-45853

    util-linux

    2.37.4-2.ph4

    CVE-2024-28085

    openssl

    3.0.14-2.ph4

    CVE-2023-50782

    CVE-2024-2511

    CVE-2024-4741

    CVE-2024-5535

    httpd

    2.4.62-1.ph4

    CVE-2024-27316

    CVE-2024-39573

    glibc

    2.32-19.ph4

    CVE-2023-4911

    CVE-2024-2961

    expat

    2.4.9-2.ph4

    CVE-2023-52425 & CVE-2023-52426

    CVE-2024-28757

    curl

    8.7.1-1.ph4

    CVE-2024-2004,CVE-2024-2398

    CVE-2023-46218,CVE-2023-46219

    linux

    5.10.219-3.ph4

    CVE-2024-23307 and CVE-2024-22099

    CVE-2024-26584

    CVE-2023-52447/2023-52458/2023-52482

    CVE-2024-26583, CVE-2024-26585, and CVE-2024-26589

    CVE-2023-52585

    CVE-2024-26642, CVE-2023-52620

    CVE-2024-26643

    CVE-2023-1192

    CVE-2024-36901

    CVE-2022-48666

    libxml2

    2.9.12-14.ph4

    CVE-2024-34459

vCenter Server 8.0 Update 2b

  • Release Date

    Build Number

    Patch Name

    Affect Package

    New Package Version

    CVEs Addressed

    29 February 2024

    23319993

    vCenter Server 8.0 Update 2b

    (Security fixes for Photon OS)

    apache-tomcat

    8.5.93-2.ph4

    CVE-2023-34981

    CVE-2023-28709

    CVE-2023-28708

    bindutils

    9.16.42-4.ph4

    CVE-2023-3341

    CVE-2023-2829

    CVE-2023-2828

    CVE-2023-2911

    c-ares

    1.19.1-1.ph4

    CVE-2023-31130

    CVE-2023-31147

    CVE-2023-32067

    CVE-2023-31124

    curl

    8.1.2-6.ph4

    CVE-2023-38545

    CVE-2023-38546

    CVE-2023-38039

    glib

    2.68.4-1.ph4

    CVE-2023-32643

    grub2

    2.06-11.ph4

    CVE-2023-4692

    CVE-2023-4693

    CVE-2022-28736

    CVE-2021-3697

    CVE-2021-3695

    CVE-2022-28734

    httpd

    2.4.58-2.ph4

    CVE-2023-31122

    libcap

    2.43-3.ph4

    CVE-2023-2602

    CVE-2023-2603

    libssh2

    1.11.0-1.ph4

    CVE-2020-22218

    libuv

    1.45.0-1.ph4

    CVE-2024-24806

    libxml2

    2.9.12-12.ph4

    CVE-2023-45322

    CVE-2023-39615

    linux

    5.10.201-1.ph4

    CVE-2023-4244

    CVE-2023-42754

    CVE-2023-42756

    CVE-2023-42755

    CVE-2023-42753

    CVE-2023-22995

    CVE-2023-2176

    CVE-2023-2007

    CVE-2023-4147

    CVE-2023-4128

    CVE-2023-0597

    nss

    3.72-3.ph4

    CVE-2022-36320

    open-vm-tools

    12.3.5-1.ph4

    CVE-2023-34058

    CVE-2023-34059

    CVE-2023-20900

    CVE-2023-20867

    openldap

    2.4.57-4.ph4

    CVE-2023-2953

    openssh

    8.9p1-4.ph4

    CVE-2023-28531

    CVE-2023-38408

    openssl

    3.0.9-8.ph4

    CVE-2023-5678

    CVE-2023-5363

    CVE-2023-4807

    CVE-2023-3817

    CVE-2023-3446

    CVE-2023-2975

    CVE-2023-0464

    CVE-2023-0465

    perl

    5.30.1-6.ph4

    CVE-2023-31486

    postgresql14

    14.10-1.ph4

    CVE-2023-2454

    CVE-2023-2455

    runc

    1.1.4-11.ph4

    CVE-2023-25809

    CVE-2023-27561

    sqlite

    3.38.5-3.ph4

    CVE-2023-36191

    tcpdump

    4.99.4-1.ph4

    CVE-2020-8036

    vim

    9.0.2068-1.ph4

    CVE-2023-46246

    CVE-2023-3896

    CVE-2023-2610

    CVE-2023-2609

    CVE-2023-2426

    xinetd

    2.3.15-10.ph4

    CVE-2013-4342

    samba-client

    4.18.5-2.ph4

    CVE-2018-10919

    CVE-2023-0225

    CVE-2023-0614

    CVE-2023-0922

vCenter Server 8.0 Update 1c

  • Release Date

    Build Number

    Patch Name

    Affect Package

    New Package Version

    CVEs Addressed

    27 July 2023

    22088981

    vCenter Server 8.0 Update 1c (Security fixes for Photon OS)

    apache-tomcat

    8.5.86-1.ph3

    CVE-2022-42252

    CVE-2022-45143

    bindutils

    9.16.38-1.ph3

    CVE-2022-3736

    containerd

    1.6.8-5.ph3

    CVE-2023-25173

    curl

    7.86.0-5.ph3

    CVE-2022-43551

    CVE-2023-23914

    CVE-2023-23916

    CVE-2023-27535

    CVE-2023-27536

    dmidecode

    3.5-1.ph3

    CVE-2023-30630

    dnsmasq

    2.85-4.ph3

    CVE-2022-0934

    e2fsprogs

    1.46.5-2.ph3

    CVE-2022-1304

    expat

    2.2.9-11.ph3

    CVE-2022-43680

    gnutls

    3.6.16-4.ph3

    CVE-2023-0361

    grub2

    2.06-4.ph3

    CVE-2022-2601

    CVE-2022-28733

    httpd

    2.4.56-1.ph3

    CVE-2006-20001

    CVE-2022-36760

    CVE-2023-25690

    CVE-2023-27522

    krb5

    1.17-4.ph3

    CVE-2022-42898

    libarchive

    3.3.3-9.ph3

    CVE-2022-36227

    libxml2

    2.9.11-10.ph3

    CVE-2022-40303

    CVE-2022-40304

    linux

    4.19.283-1.ph3

    CVE-2020-28374

    CVE-2022-3643

    CVE-2022-42896

    CVE-2022-4378

    CVE-2023-0461

    CVE-2023-1281

    CVE-2023-26545

    CVE-2023-2002

    CVE-2023-32233

    CVE-2023-34256

    CVE-2023-23559

    nss

    3.44-10.ph3

    CVE-2020-25648

    CVE-2022-36320

    openssl

    1.0.2zg-1.ph3

    CVE-2022-4450

    CVE-2023-0215

    pkg-config

    0.29.2-4.ph3

    CVE-2021-3800

    python3

    3.7.5-26.ph3

    CVE-2020-10735

    CVE-2022-37454

    CVE-2022-45061

    sudo

    1.9.5-5.ph3

    CVE-2023-22809

    tar

    1.30-6.ph3

    CVE-2022-48303

    vim

    8.2.5169-9.ph3

    CVE-2022-47024

    CVE-2023-0049

    CVE-2023-0051

    CVE-2023-0054

    CVE-2023-0433

    CVE-2023-2426

vCenter Server 8.0b

  • Release Date

    Build Number

    Patch Name

    Affect Package

    New Package Version

    CVEs Addressed

    14 February 2023

    21216066

    vCenter Server 8.0b (Security fixes for Photon OS)

    apache-ant

    1.10.12-1.ph3

    CVE-2020-11979

    CVE-2017-1000487

    CVE-2022-24839

    apache-tomcat

    8.5.78-2.ph3

    CVE-2022-29885

    c-ares

    1.16.1-2.ph3

    CVE-2020-8277

    cifs-utils

    6.8-4.ph3

    CVE-2022-27239

    containerd

    1.4.13-5.ph3

    CVE-2022-23648

    curl

    7.86.0-2.ph3

    CVE-2022-32207

    CVE-2022-22576

    CVE-2022-27782

    CVE-2022-27781

    CVE-2022-27775

    CVE-2021-22946

    CVE-2021-22926

    CVE-2020-8286

    CVE-2020-8285

    CVE-2022-42915

    CVE-2022-42916

    glibc

    2.28-22.ph3

    CVE-2022-23219   

    CVE-2022-23218   

    CVE-2021-33574   

    CVE-2021-35942   

    CVE-2021-3999   

    CVE-2021-3998   

    CVE-2021-43396   

    CVE-2021-38604   

    CVE-2021-3326

    libarchive

    3.3.3-8.ph3

    CVE-2021-31566

    CVE-2021-23177

    libtasn1

    4.14-2.ph3

    CVE-2021-46848

    libxml2

    2.9.11-8.ph3

    CVE-2022-2309

    libxslt

    1.1.34-1.ph3

    CVE-2021-30560

    linux

    4.19.264-6.ph3

    CVE-2022-2977   

    CVE-2022-39842   

    CVE-2022-2938   

    CVE-2022-20368   

    CVE-2022-2327   

    CVE-2022-34918   

    CVE-2022-32250   

    CVE-2022-1786   

    CVE-2022-29581   

    CVE-2022-30594   

    CVE-2022-1652   

    CVE-2022-27666   

    CVE-2022-1011   

    CVE-2022-24958   

    CVE-2021-4197   

    CVE-2021-4037   

    CVE-2022-36946

    nghttp2

    1.41.0-2.ph3

    CVE-2015-8659

    CVE-2020-11080

    openldap

    2.4.57-3.ph3

    CVE-2022-29155

    openssl

    1.0.2ze-3.ph3

    CVE-2022-2068

    CVE-2022-1292

    CVE-2022-0778

    CVE-2021-23840

    pcre

    8.44-2.ph3

    CVE-2019-20838

    postgresql

    10.22-1.ph3

    CVE-2022-2625

    ruby 

    2.5.8-4.ph3

    CVE-2020-10663

    CVE-2020-25613

    runc

    1.1.3-3.ph3

    CVE-2022-29162

    sysstat

    12.7.1-1.ph3

    CVE-2022-39377

check-circle-line exclamation-circle-line close-line
Scroll to top icon