VMware Cloud Community
dtopohaverford
Contributor
Contributor
‎01-23-2018 06:39 AM
Jump to solution

Patching ESXI OEM ISO image

Hello all...

In response to the Meltdown and Spectre vulnerabilities.... I'll be needing to patch my ESXI 6 hosts...

These were originally installed via a custom Fujitsu OEM iso.... my questions is, will the patches overwrite or break any functionality in the current host installation? 

I've actually never used the one-off patches for these hosts as of yet, I always waited until there was a Fujitsu OEM image release like the latest update 3 for ESXI 6 for example.

Any help is appreciated! Thanks....

Dennis,,,,

1 Solution

Accepted Solutions
Finikiez
Champion
Champion
‎01-24-2018 05:53 AM
Jump to solution

All ESXi patches are cumulative, you don't need to choose which VIB to install to fully update your host.

Just use

esxcli software vib update -d <path to ZIP archive> command to update your host

Here detailed instructions are  VMware Knowledge Base

View solution in original post

0 Kudos
7 Replies
Finikiez
Champion
Champion
‎01-23-2018 07:26 AM
Jump to solution

Feel free to install vmware's patches on top of ESXi installed from OEM ISO.

Just keep in mind if you update your host from CLI - user esxcli software vib update command rather than esxcli software vib install

0 Kudos
dtopohaverford
Contributor
Contributor
‎01-23-2018 07:32 AM
Jump to solution

So it's just that easy !?? :smileygrin:  Thanks Finikiez !

0 Kudos
Finikiez
Champion
Champion
‎01-23-2018 07:36 AM
Jump to solution

Definitely it is.

HW vendors only add updated drivers and additional tools (like cli utility to configure local raid controller) into customized ISO. They don't and can't modify VMware's code.

0 Kudos
dtopohaverford
Contributor
Contributor
‎01-23-2018 08:27 AM
Jump to solution

Understood!

One more thing ...if you don't mind. I downloaded the newest patched esxi build...which of course bundles many patches together....

ESXi600-201711001

So I would need to install only the specific vibs that address the Intel speculation vulnerability for example?

Because when unzipped, there are numerous folders each containing different vibs.....driver vibs etc...

I would not want to install the entire build, correct ??

Sorry if I'm unclear...I've only patched via the iso install like I mentioned before

0 Kudos
Finikiez
Champion
Champion
‎01-24-2018 05:53 AM
Jump to solution

All ESXi patches are cumulative, you don't need to choose which VIB to install to fully update your host.

Just use

esxcli software vib update -d <path to ZIP archive> command to update your host

Here detailed instructions are  VMware Knowledge Base

0 Kudos
dtopohaverford
Contributor
Contributor
‎01-24-2018 12:40 PM
Jump to solution

Right..I know they are cumulative...it was my worry that some of the unique drivers from the OEM install would get overwritten. But as you said before, they are additions, so the update would not alter those.

Thanks for your help sir!!  

0 Kudos
Finikiez
Champion
Champion
‎01-25-2018 12:02 AM
Jump to solution

If there are newest drivers in the patch they will be updated.

If you have ESXi installed from customized ISO and install patch using command esxcli software vib install with old drivers they will overwrite installed versions.

That's why it's recommended to update host with esxcli software vib update