onotskys
Contributor
Contributor

ESXi 7.0 - glibc version

Hi all,

Our corporate vulnerability scanner keeps mis-identifying our ESXi 6.7 hosts as generic Linux hosts, and as a consequence they keep getting tagged as being vulnerable to GHOST (yes, the glibc thing from 2015), due simply by /lib64/glibc.so.6 reporting its version as 2.12 (which is misleading, since VMware backports patches to that base version).

The security team is opening a case with their vendor to try and figure out why the OS version keeps getting mis-reported, but in the meantime, we're looking to upgrade our 6.7 boxen to 7.0u3 for currency reasons.

I've tried finding out what version of glibc is included with 7.0 but I've had no luck, and barring actually upgrading a box, I won't be able to see it for myself.

Could I ask someone to please let me know what version they see on a 7.0 host of theirs?

Thanks in advance for your help!

(PS - I could probably get this from VMware support but for whatever reason, I don't have any entitlements assigned to my account, so I can't open a request...)

Reply
0 Kudos
pkvmw
VMware Employee
VMware Employee

I guess you should be fine with 7.0 U3 then?

[root@ieesxi01:~] vmware -vl
VMware ESXi 7.0.3 build-19193900
VMware ESXi 7.0 Update 3

[root@ieesxi01:~] ls -lsh /lib64/glib*
ls: /lib64/glib*: No such file or directory

Reply
0 Kudos
onotskys
Contributor
Contributor

Thank you for your quick reply!

And my apologies, I was going off of memory, which is clearly clouded by a lack of caffeine.

It should be /lib64/libc.so.6

Please and thank you :slightly_smiling_face:

Reply
0 Kudos