VMware released today a new security patch, vCenter Server 6.5 U1f, build number 7801515. This release patches the vCSA operating system (Photon OS) mainly against two vulnerabilities: bounds-check bypass (Spectre-1, CVE-2017-5753) and rogue data cache load issues (Meltdown, CVE-2017-5754). As of now, there is still no patch for branch target injection vulnerability (Spectre-2, CVE-2017-5715).
The new patch can already be downloaded from My VMware portal (VMware-VCSA-all-6.5.0-7801515.iso, 3607.6 MB), but it’s not yet available on the online repository for update using management GUI or CLI. Update 16 February 2018: the patch is available on the online repository, see below for details.
Updated packages:
- linux 4.4.110-2
- libgcrypt 1.7.6-3
- c-ares 1.12.0-2
- ncurses 6.0-8
- libtasn1 4.12-1
- wget 1.18-3
- procmail 3.22-4
- rsync 3.1.2-4
- apr 1.5.2-7
Recent Comments