패치 적용 방법 :
# Cut and paste these commands into an ESXi shell to update your host with this Imageprofile # See the Help page for more instructions # esxcli network firewall ruleset set -e true -r httpClient esxcli software profile update -p ESXi-6.5.0-20180104001-standard \ -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml esxcli network firewall ruleset set -e false -r httpClient # # Reboot to complete the upgrade
2018-01-09
Imageprofile ESXi-6.5.0-20180104001-standard (Build 7526125) includes the following updated VIBs:
| Name | Version | Vendor | Summary | Category | Severity | Bulletin |
|---|---|---|---|---|---|---|
| cpu-microcode | 6.5.0-1.38.7526125 | VMware | Updates the ESX 6.5.0 cpu-microcode | bugfix | important | ESXi650-201801402-BG |
| esx-base | 6.5.0-1.38.7526125 | VMware | Updates the ESX 6.5.0 esx-base | bugfix | important | ESXi650-201801401-BG |
| esx-tboot | 6.5.0-1.38.7526125 | VMware | Updates the ESX 6.5.0 esx-tboot | bugfix | important | ESXi650-201801401-BG |
| vsan | 6.5.0-1.38.7395176 | VMware | Updates the ESX 6.5.0 vsan | bugfix | critical | ESXi650-201801401-BG |
| vsanhealth | 6.5.0-1.38.7395177 | VMware | ESXi VSAN Health Service | unknown | unknown | ESXi650-201801401-BG |
(For more information see KB52200.)
출처 : https://esxi-patches.v-front.de/ESXi-6.5.0.html
1. Summary
VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
2. Relevant Products
- VMware vSphere ESXi (ESXi)
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
3. Problem Description
Bounds-Check bypass and Branch Target Injection issues
CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability.
Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. The remediation listed in the table below is for the known variants of the Bounds Check Bypass and Branch Target Injection issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues.
Column 5 of the following table lists the action required to remediate the observed vulnerability in each release, if a solution is available.
VMware Product
Product Version
Running on
Severity
Replace with/ Apply Patch
Mitigation/ Workaround
* This patch has remediation against CVE-2017-5715 but not against CVE-2017-5753.
4. Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware ESXi 6.5
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
http://kb.vmware.com/kb/2151099
VMware ESXi 6.0
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
http://kb.vmware.com/kb/2151132
VMware ESXi 5.5
Downloads:
https://my.vmware.com/group/vmware/patch
Documentation:
http://kb.vmware.com/kb/2150876
VMware Workstation Pro, Player 12.5.8
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://www.vmware.com/support/pubs/ws_pubs.html
VMware Fusion Pro / Fusion 12.5.9
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://www.vmware.com/support/pubs/fusion_pubs.html