Update as of July 24, 2022: If your vCenter Server is or was previously attached to an Active Directory domain that used Integrated Windows Authentication (IWA) as an Identity Source, skip this vCenter release and go to vCenter 7.0 U3g. VMware KB 89027 explains the issue in more detail.
As of July 12, 2022, VMware has officially released vSphere version 7.0 U3f. This release includes a number of security patches for vCenter Server, including one that addresses CVE-2022-22982. That CVE has a CVSSv3 score of 5.3 (Moderate) and is explained in more detail in VMware’s VMSA-2022-0018 Security Advisory.
As for ESXi, this patch release addresses a number of security advisories and PRs, and updates drivers and VIBs on ESXi hosts. The specific CVEs addressed in this release include CVE-2022-23816, CVE-2022-23825, CVE-2022-26373, CVE-2022-28693, and CVE-2022-29901. They are explained in more detail in VMware’s VMSA-2022-0020 Security Advisory.
vCenter Server 7.0 U3f | Build 20051473
Release Notes: https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3f-release-notes.html
ESXi 7.0 U3f | Build 20036589
Release Notes: https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3f-release-notes.html
The vCenter Server 6.7 Update 3a release addresses the following critical issues for the VMware vCenter Server Appliance:
- Fix to address vCSA SSH backup MITM issue – Now you can enforce strict certificate validation for file-based backup and restore operations by including the root CA certificate in all file transfers. For more information, see VMware knowledge base article 75156.
- Fix for vSAN UI does not appear in vSphere Client after upgrade to 6.7 Update 3
- Fix for the following convergence issues:
  - Convergence, domain repointing and fresh installation of a vCenter Server Appliance with an embedded Platform Services Controller connected in Embedded Linked Mode might fail with error
  - Convergence of a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller fails with error
The release also includes the following important CVE fixes in the vCenter Server Appliance:
1.) [CVE-2018-14682, CVE-2018-14681]: libmspack
2.) [CVE-2018-20843] package: expat branch :1.0
3.) [CVE-2019-12900]: bzip2
4.) [CVE-2019-13117, CVE-2019-13118]: libxslt
5.) [CVE-2019-13232] package: unzip branch :1.0
6.) [CVE-2019-13638] package: patch branch :1.0
7.) [CVE-2019-15902, CVE-2016-10905, CVE-2019-10638]: linux
Documentation and Links
– ESXi Product Patches
– Photon OS Security Patches
– vCenter Server 6.7 U3a Release Notes
The vCenter Server 6.5 Update 3d release addresses the following critical issue for the VMware vCenter Server Appliance:
Fix to address vCSA SSH backup MITM issue – Now you can enforce strict certificate validation for file-based backup and restore operations by including the root CA certificate in all file transfers. For more information, see VMware knowledge base article 75156.