3 Replies Latest reply on Jun 25, 2020 4:35 AM by larstr

    Applying ESXi Patch ESXi650-202005401-SG

    hussainbte Expert
    vExpert

      Hi,

       

      just had a question about applying a ESXi patch recently released

      ESXi650-202005401-SG

       

      My ESXi 6.5 U2 Patch 3.

      I have been told by VMware Support that applying the subject patch on my ESXi host will take my ESXi to 6.5 Update 3.

      I dont want my ESXi to be updated to ESXi 6.5 Update 3. (some compatibility issues)

       

      I find it difficult to accept that applying a patch which fixes a certain vulnerability requires your ESXi update version to also be upgraded.

       

      appreciate any inputs which can clear this out for me..

        • 1. Re: Applying ESXi Patch ESXi650-202005401-SG
          Techie01 Hot Shot

          This is correct. The patches for esxi is cumulative. Which means latest patches are built on top of the previously released patches. So applying latest patch binarees  will automatically contain previous release content too.

           

          Are ESXi Patches Cumulative - VMware vSphere Blog

          • 2. Re: Applying ESXi Patch ESXi650-202005401-SG
            peetz Master
            vExpertUser Moderators

            Greetings,

             

            the VMware support statement is correct. If you apply this security patch then the host will also be updated to U3. In general ESXi patches are cumulative so this is somehow expected, and there is no way to apply this security fix to an U2 system without also updating it to U3.

             

            Of course, in theory, it would be possible for VMware to provide another version of this (or any other) security patch for a U2 system ... and in addition for a U1 system ... and the GA version which would just fix the security issue and not change the update level... However, given the number of available security patches and the update releases of ESXi this would create a plethora of different possible patch combinations for an ESXi host - something that is probably impossible to maintain, validate and cross check for compatibility even for a big software vendor like VMware.

             

            Andreas

            • 3. Re: Applying ESXi Patch ESXi650-202005401-SG
              larstr Virtuoso
              vExpert

              hussainbte,

              If you're using vSAN you get a new option inside VUM to keep the ESXi hosts patched te the Update level as vCenter:

               

              Lars