2 Replies Latest reply on May 2, 2019 2:29 PM by popcornuk

    Esxi 6.5 patch upgrade (installing specific VIBs)

    popcornuk Lurker

      Hi all,

       

      I have a couple of Esxi 6.5 hosts running a HPE custom image (build 6765664 May 2017).

       

      I need to patch a vulnerability listed in VMSA-2015-0007.7.This requires that Esxi be patched with ESXi650-201806401-BG. The bulletin lists 4 VIBs that need to be updated to fix this vulnerability. However, when I download the patch file from the product patches site, the zip file contains many more VIBs than the 4 listed on the ESXi650-201806401-BG bulletin page.

       

       

      So question is...Do I have to update all of the VIBs provided in this patch bundle or can I just install the 4 VIBs requred by the bulletin? We plan on uplifting the overall Esxi 6.5 build to 13004031 EP13 in the next few months but this needs to be properly tested for regression before we do.

       

      Thanks!

        • 1. Re: Esxi 6.5 patch upgrade (installing specific VIBs)
          a.p. Guru
          vExpertCommunity WarriorsUser Moderators

          Since you are running a HPE customized "Update 1" build, and want to apply "Update 2" patches, you may need to update the hosts to a HPE customized "Update 2" build in a first step.

          In case the build you are going to use still requires the fixes you mentioned, you may then apply these in a second step.

          Also remember to remove the "intelcim-provider" vib from the hosts, as this may cause BSOD situations (see https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00048925en_us ).

           

          André

          1 person found this helpful
          • 2. Re: Esxi 6.5 patch upgrade (installing specific VIBs)
            popcornuk Lurker

            Since you are running a HPE customized "Update 1" build, and want to apply "Update 2" patches, you may need to update the hosts to a HPE customized "Update 2" build in a first step.

            In case the build you are going to use still requires the fixes you mentioned, you may then apply these in a second step.

            This is the problem. Currently we cannot upgrade the underlying esxi version. It has to stay at the current U1 level until we can fully regression test the solution in a lab using the latest EP13 build of esxi 6.5.

             

            In the short term, I'm just wondering if there's a way to individually patch the VIBs mentioned in the security advisory without having to do a version uplift or install all of the VIBs provided in the patch file.