VMware Cloud Community
DanBear
Contributor

Is this build of 5.5 U1 vulnerable to Heartbleed? 1892794

Hi,

I've seen that there is a patch for 5.5 U1 for Heartbleed (ESXi550-201404001); we are running build 1892794. Looking at the patch portal, this contains the following patches:

| Bulletin | KB | Category | Severity | Updates |
|---|---|---|---|---|
| ESXi550-201407405-BG | KB 2077411 | Bug Fix | Critical | esx-base |
| ESXi550-201407401-BG | KB 2077407 | Bug Fix | Critical | tools-light |
| ESXi550-201407403-BG | KB 2077409 | Bug Fix | Important | misc-drivers |
| ESXi550-201407402-BG | KB 2077408 | Bug Fix | Important | scsi-megaraid-sas |
| ESXi550-201407404-BG | KB 2077410 | Bug Fix | Important | esx-base |
| ESXi550-201407101-SG | KB 2077414 | Security | Critical | tools-light |
| ESXi550-201407102-SG | KB 2077415 | Security | Important | |

This suggests that the patch is NOT included in this build, but I've been told that some of these Bug Fixes are cumulative and WILL include the fix.  Which is correct?

Thanks


Accepted Solutions
vNEX
Expert

Hello Dan,

Yes, VMware patches are cumulative, so with build 1892794 you are already patched for the Heartbleed vulnerability.

Patch ESXi550-201404001 will bring you to the 1746018 build, which already addresses the HB vulnerability.

Patch ESXi550-201404020 will bring you to the 1746974 build, which already addresses the HB vulnerability.

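| Release | Date | Build | Heartbleed status |
|---|---|---|---|
| ESXi 5.5 Patch 2 | 2014-07-01 | 1892794 | OK |
| ESXi 5.5 Express Patch 4 | 2014-06-11 | 1881737 | OK |
| ESXi 5.5 Update 1a | 2014-04-19 | 1746018 | OK |
| ESXi 5.5 Express Patch 3 | 2014-04-19 | 1746974 | OK |
| ESXi 5.5 Update 1 | 2014-03-11 | 1623387 | Vulnerable |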

For the latest security patches refer to this KB article:

VMware KB: VMware Security Patching Guidelines for ESXi and ESX

So if you want the latest security patch (for ESXi 5.5), go for Patch ESXi550-201410101-SG; this will update only the esx-base VIB and bring your host to build 2093874.

Or update the whole image with Patch Release ESXi550-201410001 (includes the SG above), which will bring you to the latest actual build, 2143827 (ESXi 5.5 Patch 3).

If you found this or any other answer helpful, please consider awarding points (use the Correct or Helpful buttons).

Regards, P.
