VMware Cloud Community
kwg66
Hot Shot

Patching question

Refresh my memory: I know patches are supposed to be cumulative, but I'm not certain the "cumulation" of a security patch actually upgrades vSphere, say from 6.5 U1 to 6.5 U3.

 

Another way to ask is: "If I apply a new security patch to a 6.5U1 system and then shortly afterward upgrade that system to 6.5U3, will this patch still be in effect?" And if it's cumulative, do I even have to upgrade to vSphere 6.5U3, or would I already be there as a result of applying the "cumulative" security patch?

Thanks in advance for this refresh of the basics

 

0 Kudos
3 Replies
scott28tt
VMware Employee

@kwg66 

Moderator: Please create threads in the area for the product used - moved to ESXi Discussions


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (i.e. not in any official capacity)
VMware Training & Certification blog
e_espinel
Virtuoso

Hello.
Patches are cumulative; in the documentation of each patch package you can check what they contain.
Individual security patches are eventually included in the next general patch package.
Security patches do not usually include drivers or VMware Tools.
If you apply a security patch and, after some time, the next general patch, it is only updated with the newest one.
Attached are several links to the latest patch levels:

https://kb.vmware.com/s/article/1014508

https://kb.vmware.com/s/article/2143832

 

Enrique Espinel
Senior Technical Support on IBM, Lenovo, Veeam Backup and VMware vSphere.
VSP-SV, VTSP-SV, VTSP-HCI, VTSP
Please mark my comment as Correct Answer or assign Kudos if my answer was helpful to you. Thank you.
0 Kudos
kwg66
Hot Shot

In our attempts to apply the latest security patches just released, they failed on our ESXi 6.5 Patch 01 and ESXi 6.5 U1g builds with the following error from VUM logs:

If you can't read the below image, it says "One or more VIBs mapping to Bulletin ESXi670-202011301-SG have dependencies not installed on the system"... so much for the cumulation.

If the patch was truly cumulative it would contain the dependencies required for installation. Nowhere in the security bulletin does it indicate a specific detail pertaining to exact versions of vSphere 6.5 required for the patch. So whatever VMware might have published, or what you think you understand about this, is hogwash if it doesn't work as designed.

I put this post together to determine the impact on the patch of upgrading after we applied the security patch, but apparently this post is now completely irrelevant because we can't apply the patch until we upgrade... and yes, upgrading to 6.5U3, or 6.7U3, first and then applying the patch worked out just fine.

 

Untitled.png

 

0 Kudos