New Security Patch – vCenter Server 6.5 U1f

VMware today released a new security patch, vCenter Server 6.5 U1f, build number 7801515. This release patches the vCSA operating system (Photon OS) mainly against two vulnerabilities: bounds-check bypass (Spectre-1, CVE-2017-5753) and rogue data cache load issues (Meltdown, CVE-2017-5754). As of now, there is still no patch for the branch target injection vulnerability (Spectre-2, CVE-2017-5715).

The new patch can already be downloaded from the My VMware portal (VMware-VCSA-all-6.5.0-7801515.iso, 3607.6 MB), but it’s not yet available on the online repository for updating via the management GUI or CLI. Update 16 February 2018: the patch is available on the online repository, see below for details.

Updated packages:

  • linux 4.4.110-2
  • libgcrypt 1.7.6-3
  • c-ares 1.12.0-2
  • ncurses 6.0-8
  • libtasn1 4.12-1
  • wget 1.18-3
  • procmail 3.22-4
  • rsync 3.1.2-4
  • apr 1.5.2-7


vSphere HTML5 Web Client Fling v3.33

New Release – vSphere HTML5 Web Client Fling v3.33

What a release schedule! The team behind vSphere HTML5 Web Client Fling is doing a beautiful job here, one release every other week. I previously blogged about v3.32 of the plugin and the vApp goodies it brought. Here we are in front of a new release, v3.33, with another great set of vApp and VM improvements.

If you don’t yet use the vSphere HTML5 Web Client Fling, you can find the installation details here.

The update process is as easy as described in the How to Update vSphere HTML5 Web Client Fling article. You just hit the “Update vSphere Client” button in the management console and the update starts right away:

vSphere HTML5 Web Client Fling – Update

After the process is completed and you re-login to the web client, you will see the new version confirmation:

vSphere HTML5 Web Client Fling – Version v3.33


vSphere HTML5 Web Client Fling v3.32

New Release – vSphere HTML5 Web Client Fling v3.32

You may already know I’m a big fan of vSphere HTML5 Web Client Fling, so you should not be surprised that I closely follow the development of this fling. For the last few days, like everybody else in the tech world, I was busy with the Meltdown and Spectre vulnerabilities, but I still managed to notice that the development team released a new version: vSphere HTML5 Web Client Fling v3.32.

If you still don’t use the fling (why wouldn’t you?), see the article How to Install vSphere HTML5 Web Client Fling. If you just need to update it, see How to Update vSphere HTML5 Web Client Fling.

Update 22 January 2018: The development team does a great job of updating the fling, so here is the new v3.33 version of vSphere HTML5 Web Client Fling.

So, let’s see, what’s new in vSphere HTML5 Web Client Fling?


New Release – VMware vCenter Server 6.5 Update 1d

VMware released vCenter Server 6.5 Update 1d (Build 7312210) to update a few third-party packages and to fix plenty of bugs. This release also brings a new icon for vSAN witness appliances.

You can already download the update from the my.vmware.com site (login is required).

vCenter Server 6.5 Update 1d

Note: If you are looking for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance). If you need update instructions, check these articles: Update vCSA using VAMI and Update vCSA using Appliance Shell.

Issues resolved in vCenter Server 6.5 Update 1d

In vCenter 6.5 Update 1d, VMware updated multiple packages:

  • Oracle (Sun) JRE 1.8.0_141
  • Spring Framework 4.3.9
  • OpenSSL 1.0.2l
  • Tomcat 8.5.15
  • Apache Struts 2.5.13
  • Eclipse Jetty 9.2.22


VMware Security Advisory

VMware Security Advisory VMSA-2017-0017

VMware has released a new security advisory: “VMSA-2017-0017 – VMware vCenter Server update resolves LDAP DoS, SSRF and CLRF injection issues”.

The VMSA-2017-0017 advisory covers two issues affecting VMware vCenter Server:

  • CVE-2017-4927 – VMware vCenter Server doesn’t correctly handle specially crafted LDAP network packets which may allow for remote DoS. This issue affects vCenter Server 6.5 and 6.0. vCenter Server 6.5 Update 1 and 6.0 Update 3c fix this issue.
  • CVE-2017-4928 – SSRF and CRLF injection issues in vSphere web client. An attacker may exploit the Flash-based vSphere Web Client by sending a POST request with modified headers towards internal services leading to information disclosure. This issue affects vCenter Server 6.0 and 5.5. vCenter Server 6.0 Update 3c and 5.5 Update 3f fix this issue.


Update vCenter Server Appliance

How to Update vCenter Server Appliance to 6.5 Update 1b

On 26 October 2017, VMware released VMware vCenter Server 6.5 Update 1b. In this article I will show you how to easily update vCenter Server Appliance (VCSA) from version 6.5.x to the latest 6.5 Update 1b using the vCenter Server Appliance Management Interface (VAMI). This version is also identified by version number 6.5.01100 and build number 6816762 (you can check KB2143838 for all vCenter build and version numbers – unfortunately VMware is a little behind in updating this KB article).

Note: If you are looking for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance).

In my case, I will update vCenter Server Appliance from 6.5.0.5500 build 5318154 to the latest 6.5.0.11000 build 6816762. I will start by accessing VAMI, on port 5480 of the vCenter Server (https://vcenter.lab.local:5480/ for my lab). I will authenticate with the root user and the corresponding password.

Update vCenter Server Appliance - VAMI Login


How to Trust vCenter SSL Certificate

These days it’s easy to find small environments where the VMware vCenter SSL certificate is not signed by a proper certification authority. For example, you just installed vCenter Server in your lab as described in How to Install VCSA 6.5 (VMware vCenter Server Appliance).

The picture below is something you often see in these environments. In this article I will show how to trust all vCenter-issued certificates on a single Windows computer. This will take care of the vCenter SSL certificate and also the ESXi server certificates (only for the ESXi servers under vCenter management, of course) in Internet Explorer, Microsoft Edge and Google Chrome.

vCenter SSL Certificate - Internet Explorer Error


How to Install VCSA 6.5 (VMware vCenter Server Appliance)

In this article I will show you how to install VCSA 6.5 (VMware vCenter Server Appliance).

To start, you need an installation kit of vCenter Server Appliance 6.5. For this article, I will use the VCSA version I downloaded from my VMUG Advantage account (VMware-VCSA-all-6.5.0-5318154.iso).

Note: If you are looking for VCSA update instructions, check this article: How to Update vCenter Server Appliance to 6.5 Update 1b.


Latest vCenter and Latest Chrome = No Love

Yesterday I first noticed this Flash plugin crash in my Chrome soon after I entered my vCenter credentials: “Shockwave Flash has crashed – Reload”.
Flash crash in Chrome

I’m running vCenter Server Appliance 6.5 Update 1 (6.5.0.10100 Build Number 6671409) and Chrome Version 61.0.3163.100 (Official Build) (32-bit). Initially I thought this was something related to my setup; I reverted to the old Internet Explorer to do my job, and I forgot about the error.
