Esxi 6.5 Patch
There a several ways to patch a VMware ESXi server. vSphere Update Manager (VUM) can update for example a complete ESXi host cluster fully automatic. vSphere Update Manager requires a vCenter Server. When you don’t have a vCenter Server patching can be done from the command line.
Here is a quick overview of how to patch an ESXi 6.x or 7.x host to the latest patch or version (from ESXi 6 to 7 for example).
VMware vSphere 6.5 Release Notes. VMware Host Client Release Notes. The typical way to apply patches to ESXi hosts is by using the VMware vSphere Update Manager. For details, see About Installing and Administering VMware vSphere Update Manager. ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. With ESXi 6.5 Update 2, you can add tags to the Trusted Platform Module (TPM) hardware version 1.2 on ESXi by using ESXCLI commands. A new API provides read and write access in the form of get, set, and clear commands to the non-volatile memory on TPMs of version 1.2.
Step 1. Download the latest patch bundle from the VMware Web site, link. VMware ESXi patches are cumulative! Each patch bundle (.zip archive) includes all the updates from prior patches.
Step 2. Upload the patch bundle (zip) to a (central) datastore with the vSphere Client (prior vSphere 6.5), vSphere Web Client, ESXi host client.
Step 3. Enable SSH
In the vSphere Web client start the SSH service and make a SSH session to the ESXi host
Step 4. Put the host in maintenance mode
Step 5. Install the patch bundle
Using esxcli with the install method has the possibility of overwriting existing drivers. If you are using third-party ESXi images, VMware recommends using the update method to prevent an unbootable state. The following command will install the patch bunde:
For example install HPE ESXi 6 Update 3:
After the patch bundle is installed check the message. It must say “The update completed successfully, but the system needs to be rebooted for changes to be effective.”
Step 6. Reboot the host by entering the following command:
Step 7. Make a SSH session to the ESXi host and exit maintenance mode
Related posts:
Release Date: MAY 28, 2020
Build Details
| Download Filename: | ESXi650-202005001.zip |
| Build: | 16207673 |
| Download Size: | 343.3 MB |
| md5sum: | 273fbaf2d20172ad0b6f61f11933d38b |
| sha1checksum: | 08cc768779b7f6a0805cbae5953d034f380ab626 |
| Host Reboot Required: | Yes |
| Virtual Machine Migration or Shutdown Required: | Yes |
Bulletins
| Bulletin ID | Category | Severity |
| ESXi650-202005401-SG | Security | Important |
Rollup Bulletin
This rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 6.5.
| Bulletin ID | Category | Severity |
| ESXi650-202005001 | Security | Important |
Image Profiles
VMware patch and update releases contain general and critical image profiles. Application of the general release image profile applies to new bug fixes.
| Image Profile Name |
| ESXi-6.5.0-20200504001-standard |
| ESXi-6.5.0-20200504001-no-tools |
For more information about the individual bulletins, see the Download Patches page and the Resolved Issues section.
Patch Download and Installation
The typical way to apply patches to ESXi hosts is through the VMware vSphere Update Manager. For details, see the About Installing and Administering VMware vSphere Update Manager.
ESXi hosts can be updated by manually downloading the patch ZIP file from the VMware download page and installing the VIB by using the esxcli software vib command. Additionally, the system can be updated using the image profile and the esxcli software profile command.
For more information, see the vSphere Command-Line Interface Concepts and Examples and the vSphere Upgrade Guide.
Resolved Issues
The resolved issues are grouped as follows.
ESXi650-202005401-SG| Patch Category | Security |
| Patch Severity | Important |
| Host Reboot Required | Yes |
| Virtual Machine Migration or Shutdown Required | Yes |
| Affected Hardware | N/A |
| Affected Software | N/A |
| VIBs Included |
|
| PRs Fixed | N/A |
| Related CVE numbers | CVE-2020-3958 |
This patch updates the esx-base, vsan, esx-tboot and vsanhealth VIBs to update the following issue:
ESXi has a denial-of-service vulnerability in the shader functionality. Attackers with non-administrative access to a virtual machine might exploit this issue to fail the VMX process of the virtual machine, leading to a denial of service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3958 to this issue. For more information, see VMSA-2020-0011.
Esxi 6.5 Patch Release
ESXi-6.5.0-20200504001-standard| Profile Name | ESXi-6.5.0-20200504001-standard |
| Build | For build information, see the top of the page. |
| Vendor | VMware, Inc. |
| Release Date | May 28, 2020 |
| Acceptance Level | PartnerSupported |
| Affected Hardware | N/A |
| Affected Software | N/A |
| Affected VIBs |
|
| PRs Fixed | N/A |
| Related CVE numbers | CVE-2020-3958 |
Esxi 6.5 Patch Version
ESXi has a denial-of-service vulnerability in the shader functionality. Attackers with non-administrative access to a virtual machine might exploit this issue to fail the VMX process of the virtual machine, leading to a denial of service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3958 to this issue. For more information, see VMSA-2020-0011.
| Profile Name | ESXi-6.5.0-20200504001-no-tools |
| Build | For build information, see the top of the page. |
| Vendor | VMware, Inc. |
| Release Date | May 28, 2020 |
| Acceptance Level | PartnerSupported |
| Affected Hardware | N/A |
| Affected Software | N/A |
| Affected VIBs |
|
| PRs Fixed | N/A |
| Related CVE numbers | CVE-2020-3958 |
ESXi has a denial-of-service vulnerability in the shader functionality. Attackers with non-administrative access to a virtual machine might exploit this issue to fail the VMX process of the virtual machine, leading to a denial of service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2020-3958 to this issue. For more information, see VMSA-2020-0011.