VMware: Thrilling Start to October 2015

VMware has started October 2015 with a bunch of patches, a security advisory and a major bug in their latest ESXi 5.5 release.

New Product Releases

The following products were released today:

If you are interested in getting notified about new products, you can subscribe to my vTracker RSS Feed.

VMware NSX for vSphere 6.1.5
You might be aware that NSX 6.2 has been released two weeks ago. NSX 6.2 is new major version of the product. There will probably still be updates for NSX 6.1 in the future. In this update, the NSX Manager user interface has been enhanced to display the connectivity status between NSX controllers in the controller cluster. This allows you to view connectivity differences between nodes.

VMware Mirage 5.5.0
The latest version of VMwares EUC managing software introduces the following new features:

  • Branch PC technicians and administrators can provision new laptops and desktops directly from the device using the self-service provisioning interface.
  • Administrators can specify base layer and app layer download only operations and manually initiate layer updates for a future time, for example, off-peak hours.
  • Administrators can specify bandwidth limitation rules according to time and day.
  • Administrators can update base layers and app layers by using the Mirage API and Mirage PowerCLI.
  • Bare-metal provisioning supports POSReady 2009.

VMware vSphere 5.1 and 5.0 Updates
Information about the resolved issues can be found in the release notes:

The latest ESXi 5.0 Build number is now: 3086167
The latest ESXi 5.1 Build number is now: 3070626
Updated: ESXi Release and Build Number History


VMware Security Advisories VMSA-2015-0007

VMware has released a security advisory that addresses VMware vCenter and ESXi for nearly all versions of 5.x and 6.0. The document describes 3 issues:

  • VMware ESXi OpenSLP Remote Code Execution
  • VMware vCenter Server JMX RMI Remote Code Execution
  • VMware vCenter Server vpxd denial-of-service vulnerability

If you have one of the following products, you should have a look at VMSA-2015-0007.
Caution! ESXi 5.5 U3 (Build 3029944) has a Snapshot Bug that conflicts with this VMSA.

  • VMware ESXi 5.0 Build < 3086167
  • VMware ESXi 5.1 Build < 3070626
  • VMware ESXi 5.5 Build < 3029944 (Snapshot Bug)
  • VMware vCenter Server 6.0 < 6.0 U1
  • VMware vCenter Server 5.5 < 5.5 U3
  • VMware vCenter Server 5.1 < 5.1 U3b
  • VMware vCenter Server 5.0 < U.0 u3e


VMware ESXi 5.5 Update 3 Snapshot Bug

VMware ESXi 5.5 Update 3, released 2 weeks ago, has an unresolved bug that might cause virtual machines to fail after snapshot consolidation. The issue is described here.

  1. With this and the current networking bug in esxi 6.0, it’s not looking great for VMware at the moment. It feels like the quality of their core product releases has slipped a lot in the last 12 months. Maybe it’s just me?!

  2. But does the security patch for VMSA-2015-0007 really include the snapshot bug? The patch itself has build number esx-base:5.5.0-2.65.3029837, but the U3 has 3029944.

    There might be a middle way that patches the security bug but doesn’t expose us to the snapshot bug, or am I missing something?

    • That’s a very good question. The number you are referring to is from the “5.5 U3 Security Only” patch. You can install it with the Host Profile ESXi-5.5.0-20150901001s-standard.
      I dont’t have any information if it is affected or not. “Both” Versions are “Update 3”.

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>