Hi,
I've seen that there is a patch for 5.5 U1 for HeartBleed (ESXi550-201404001); we are running build 1892794. Looking at the patch portal, this contains the following patches:
| ESXi550-201407405-BG | KB 2077411 | Bug Fix Critical | Updates esx-base |
| ESXi550-201407401-BG | KB 2077407 | Bug Fix Critical | Updates tools-light |
| ESXi550-201407403-BG | KB 2077409 | Bug Fix Important | Updates misc-drivers |
| ESXi550-201407402-BG | KB 2077408 | Bug Fix Important | Updates scsi-megaraid-sas |
| ESXi550-201407404-BG | KB 2077410 | Bug Fix Important | Updates esx-base |
| ESXi550-201407101-SG | KB 2077414 | Security Critical | Updates tools-light |
| ESXi550-201407102-SG | KB 2077415 | Security Important | |
This suggests that the patch is NOT included in this build, but I've been told that some of these Bug Fixes are cumulative and WILL include the fix. Which is correct?
Thanks
Hello Dan,
Yes, VMware patches are cumulative, so with build 1892794 you are already patched for the Heartbleed vulnerability.
Patch ESXi550-201404001 will bring you to the 1746018 build, which already addresses the HB vulnerability.
Patch ESXi550-201404020 will bring you to the 1746974 build, which already addresses the HB vulnerability.
| ESXi 5.5 Patch 2 | 2014-07-01 | 1892794 | OK |
| ESXi 5.5 Express Patch 4 | 2014-06-11 | 1881737 | OK |
| ESXi 5.5 Update 1a | 2014-04-19 | 1746018 | OK |
| ESXi 5.5 Express Patch 3 | 2014-04-19 | 1746974 | OK |
| ESXi 5.5 Update 1 | 2014-03-11 | 1623387 | Vulnerable |
For the latest security patches refer to this KB article:
VMware KB: VMware Security Patching Guidelines for ESXi and ESX
So if you want the latest security patch (for ESXi 5.5), go for Patch ESXi550-201410101-SG; this will update only the esx-base VIB and bring your host to build 2093874.
Or update the whole image with Patch Release ESXi550-201410001 (includes the SG above), which will bring you to the latest actual build, 2143827 (ESXi 5.5 Patch 3).
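An added example, not part of the original posts: a small audit that classifies hosts by the build number in their `vmware -v` banner, using only the build table from the answer above. The host names and the two unlisted build numbers are constructed, and the rule that any 5.5 build newer than the first fixed one is patched is an assumption resting on the answer's statement that patches are cumulative.

```python
import re

# Build -> (release, status), exactly as listed in the answer's table (ESXi 5.5 only).
KNOWN_BUILDS = {
    1892794: ("ESXi 5.5 Patch 2", "OK"),
    1881737: ("ESXi 5.5 Express Patch 4", "OK"),
    1746018: ("ESXi 5.5 Update 1a", "OK"),
    1746974: ("ESXi 5.5 Express Patch 3", "OK"),
    1623387: ("ESXi 5.5 Update 1", "Vulnerable"),
}
# Lowest build the table marks as fixed; later 5.5 builds are assumed cumulative.
FIRST_FIXED = min(b for b, (_, status) in KNOWN_BUILDS.items() if status == "OK")

# Banner format printed by `vmware -v` on the host, e.g. "VMware ESXi 5.5.0 build-1892794".
BANNER_RE = re.compile(r"VMware ESXi (\d+\.\d+)\.\d+ build-(\d+)")

def classify(banner):
    """Return a Heartbleed status for one `vmware -v` banner line."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unparsed"
    release, build = m.group(1), int(m.group(2))
    if release != "5.5":
        # Build numbers are only comparable within one release line.
        return "out-of-scope"
    if build in KNOWN_BUILDS:
        return KNOWN_BUILDS[build][1]
    if build > FIRST_FIXED:
        return "OK-cumulative"
    # Older or unlisted builds: the table says nothing, so do not guess.
    return "unknown"

def audit(inventory):
    """Map host name -> status for a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}

# Constructed sample inventory (host names and the last two builds are made up).
SAMPLE = {
    "esx01": "VMware ESXi 5.5.0 build-1892794",
    "esx02": "VMware ESXi 5.5.0 build-1623387",
    "esx03": "VMware ESXi 5.5.0 build-2143827",
    "esx04": "VMware ESXi 5.5.0 build-1000000",
    "esx05": "VMware ESXi 5.1.0 build-1111111",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(host, status)
```

Hosts reported as `unknown` or `out-of-scope` need checking against the vendor's advisory for their own release line rather than against this table.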
