4 Replies Latest reply on Feb 13, 2015 8:24 AM by virtualkitten

    Patching security vulnerabilities in standalone ESXi 5.0/5.5 vSpehere

    virtualkitten Novice

      Hi,

       

      This should a simple one but I would like to get some information from the experienced administrators and users here, and yes... I did search about the topic already but most of the documentation points to the official way of using vCenter and some other tools that require vCenter

       

      As you all know there are several vulnerabilities affecting VMWare ESXi hosts, some remotely exploitable... with the information I have to patch an ESXi host you could do

       

      esxcli software vib update -d ="PATH_TO_THE_PATCH.ZIP"
      

       

      That should be everything according to this VMware KB: Installing patches on an ESXi 5.x host from the command line however, when I list esxcli vib list, I do not see my patches there... and the process shows "install vibs: none", if I do "install" instead of update then it shows lot of vibs to install/update but nothing related to the security patch.

       

      Let's say I want to apply a patch, so I go to find it http://i.imgur.com/TU8hcu1.png next step would be downloading the patch http://i.imgur.com/moteMeL.png into the HOST which can be done in many ways. Once you have the patch you just put the host in maintenance mode and run the esxcli command to update the patch.

       

      Is the above correct, I am doing something wrong, some risk involved ? shall I be using install instead of update ?

       

      I need to update some ESXi 5.0 and 5.5 hosts but I do not have them in a cluster,etc. So if something happens to the host and it does not boot again restoring the vm's will take lot of time.

       

      Any comment will be appreciated, all constructive and destructive comments are welcome, thanks in advance