Highlighted
Hot Shot
Hot Shot

Patching question

Refresh my memory, I know patches are supposed to be cumulative, but I'm not certain the "cumulation" of a security patch actually upgrades vSphere..  say from 6.5 U1 to 6.5 U3..   

 

Another way to ask is "If I apply a new security patch to a 6.5U1 system  and then shortly afterward upgrade that system to 6.5U3, will this patch still be in affect?   and If its cumulative do I even have to upgrade to vSPhere 6.5U3 or would I already be there as a result of apply the "cumulative" security patch.  

Thanks in advance for this refresh of the basics

 

0 Kudos
3 Replies
Highlighted
VMware Employee
VMware Employee

@kwg66 

Moderator: Please create threads in the area for the product used - moved to ESXi Discussions

Highlighted
Hot Shot
Hot Shot

Hello.
Patches are cumulative, in the documentation of each patch package you can check what they contain.
Individual security patches are eventually included in the next general patch package.
Security patches do not usually include drivers or vmware tools.
If you apply a security patch and after some time the next general patch is only updated with the newest one.
Attached are several links to the latest patch levels

https://kb.vmware.com/s/article/1014508

https://kb.vmware.com/s/article/2143832

 

Enrique Espinel
Senior Technical Consultant IBM, Lenovo and VMware.
VMware VSP-SV 2018, VTSP-SV 2018 VMware Technical Solutions Professional Hyper-Converged Infrastructure (VTSP-HCI 2018)
VMware Technical Solutions Professional (VTSP) 4 / 5.
You find this or any other answer useful, please consider awarding points. Thank you.
Если вы считаете этот или любой другой ответ полезным, пожалуйста, подумайте о присуждении баллов. Спасибо.
0 Kudos
Highlighted
Hot Shot
Hot Shot

In our attempts to apply the latest security patches just released they failed on our ESXi 6.5. Patch 01 and ESXi 6.5 U1g builds with the following error from VUM logs:

If you can't read the below image it says "One or more VIBs mapping to Bulletin ESXi670-202011301-SG have dependencies not installed on the system"  ..   so much for the cumulation. 

If the patch was truly cumulative if would contain the dependencies required for installation.   Nowhere in the security bulletin does it indicate a specific detail pertaining to exact versions of vSphere 6.5 required for the patch.  So what ever VMware might have published, or what you think you understand about this, is hogwash if it doesn't work as designed.    

I put this post together to determine the impact on the patch of upgrading after we applied the security patch.. but apparently this post is now completely irrelevant because we can't apply the patch until we upgrade.. and yes upgrading to 6.5U3, or 6.7U3 first then applying the patch worked out just fine...   

 

Untitled.png

 

0 Kudos