VMware Cloud Community
hussainbte
Expert
Expert

Applying ESXi Patch ESXi650-202005401-SG

Hi,

just had a question about applying a ESXi patch recently released

ESXi650-202005401-SG

My ESXi 6.5 U2 Patch 3.

I have been told by VMware Support that applying the subject patch on my ESXi host will take my ESXi to 6.5 Update 3.

I dont want my ESXi to be updated to ESXi 6.5 Update 3. (some compatibility issues)

I find it difficult to accept that applying a patch which fixes a certain vulnerability requires your ESXi update version to also be upgraded.

appreciate any inputs which can clear this out for me.. Smiley Happy

If you found my answers useful please consider marking them as Correct OR Helpful Regards, Hussain https://virtualcubes.wordpress.com/
Reply
0 Kudos
3 Replies
Techie01
Hot Shot
Hot Shot

This is correct. The patches for esxi is cumulative. Which means latest patches are built on top of the previously released patches. So applying latest patch binarees  will automatically contain previous release content too.

Are ESXi Patches Cumulative - VMware vSphere Blog

Reply
0 Kudos
peetz
Leadership
Leadership

Greetings,

the VMware support statement is correct. If you apply this security patch then the host will also be updated to U3. In general ESXi patches are cumulative so this is somehow expected, and there is no way to apply this security fix to an U2 system without also updating it to U3.

Of course, in theory, it would be possible for VMware to provide another version of this (or any other) security patch for a U2 system ... and in addition for a U1 system ... and the GA version which would just fix the security issue and not change the update level... However, given the number of available security patches and the update releases of ESXi this would create a plethora of different possible patch combinations for an ESXi host - something that is probably impossible to maintain, validate and cross check for compatibility even for a big software vendor like VMware.

Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
Reply
0 Kudos
larstr
Champion
Champion

hussainbte,

If you're using vSAN you get a new option inside VUM to keep the ESXi hosts patched te the Update level as vCenter:

pastedImage_0.png

Lars

Reply
0 Kudos