Determining Patch Obsolescence for an Audit

I have wasted a bit of time on this; if someone can enlighten me I will be most appreciative:

  • A vulnerability scan says as per VMSA-2015-0001 we need ESXi550-201403102-SG.
  • I look on host for this patch and I see "Obsoleted by host"
  • Lots of googling later, I see that the VIB that is updated is "tools-light"
  • Manually, I determine that ESXi550-201512403-BG is the patch that updated this VIB.
  • Auditor says great, now prove that ESXi550-201512403-BG supersedes ESXi550-201403102-SG.

Can someone please tell me the shortcut on this one? How to prove that a certain patch supersedes another?

Accepted Solutions
Hello,

I use VUM to do that. It would show you those patches that are applicable and those that are no longer applicable and the order in which they show up in the list is important. Newer patches have newer dates.

The real question is not which supersedes but is the fix in one (SG) in the other (BG). One is a BugFix (BG) and the other a Security Fix (SG). For that you may need the changelog if it is available from VMware.

First go to VMware ESXi 5.5, Patch ESXi550-201403102-SG: Updates ESXi 5.5 tools-light vib (2065827) | VMware KB, then to VMware ESXi 5.5, Patch ESXi550-201512403-BG: Updates tools-light (2135793) | VMware KB.

The information you need is in there. Specifically look at tools-light version numbers.

Best regards,

Edward L. Haletky

--
Edward L. Haletky
vExpert XII: 2009-2020,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
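
The tools-light version comparison suggested in the answer above, written out as an added example (not part of the original thread and not VMware tooling). It assumes VIB versions have the form `<version>-<release>` with numeric, dot-separated components that order numerically; the `esxcli software vib list` sample and both bulletin versions are constructed placeholders to be replaced with the values from KB 2065827 and KB 2135793, and the function names are hypothetical.

```python
import re

# Constructed sample of `esxcli software vib list` output (not from a real host).
SAMPLE_VIB_LIST = """\
Name         Version             Vendor  Acceptance Level  Install Date
-----------  ------------------  ------  ----------------  ------------
esx-base     5.5.0-3.78.2222222  VMware  VMwareCertified   2016-01-10
tools-light  5.5.0-3.78.2222222  VMware  VMwareCertified   2016-01-10
"""

# Placeholders: substitute the tools-light versions listed in the two KB articles.
SG_TOOLS_LIGHT = "5.5.0-0.14.1111111"  # stand-in for ESXi550-201403102-SG
BG_TOOLS_LIGHT = "5.5.0-3.78.2222222"  # stand-in for ESXi550-201512403-BG


def vib_key(version):
    """Turn '<version>-<release>' into int tuples so 0.14 sorts after 0.9."""
    if not re.fullmatch(r"\d+(\.\d+)*(-\d+(\.\d+)*)?", version):
        raise ValueError(f"unexpected VIB version format: {version!r}")
    ver, _, rel = version.partition("-")
    return (tuple(int(p) for p in ver.split(".")),
            tuple(int(p) for p in rel.split(".")) if rel else ())


def installed_version(vib_list_text, vib_name):
    """Return the Version column for vib_name, or None if it is not listed."""
    for line in vib_list_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == vib_name:
            return fields[1]
    return None


def audit_evidence(vib_list_text, vib_name, required_version):
    """Build a record showing whether the host meets the scanner's requirement."""
    installed = installed_version(vib_list_text, vib_name)
    if installed is None:
        status = "VIB_NOT_FOUND"
    elif vib_key(installed) >= vib_key(required_version):
        status = "COVERED"      # installed VIB is at or beyond the SG bulletin's
    else:
        status = "MISSING_FIX"  # installed VIB predates the SG bulletin's
    return {"vib": vib_name, "installed": installed,
            "required": required_version, "status": status}


if __name__ == "__main__":
    print(audit_evidence(SAMPLE_VIB_LIST, "tools-light", SG_TOOLS_LIGHT))
```

A `COVERED` result shows only that the installed VIB version is at or above the one the security bulletin shipped; the KB articles remain the reference for which fixes each version contains.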
