Virtualization software vendor VMware has released the latest update for vCenter Server, version 7.0.3i. From a security standpoint, libraries and applications have been updated and the vulnerabilities CVE-2022-31697, CVE-2022-31698, CVE-2021-22048 and CVE-2020-28196 have been patched. Several other issues have been resolved, including one that prevented a virtual machine from powering on because of an InsufficientMemoryResourcesFault error. An issue that prevented cloning a virtual machine (when the virtual TPM was being removed) has also been resolved. For more information, read on.
What's new?
- vCenter Server 7.0 Update 3i delivers vCenter Server fixes that you can see in the Resolved Issues section.
- This release resolves CVE-2022-31697, and CVE-2022-31698. For more information on these vulnerabilities and their impact on VMware products, see VMSA-2022-0030.
- This release resolves CVE-2021-22048. For more information on this vulnerability and its impact on VMware products, see VMSA-2021-0025.
- This release resolves CVE-2020-28196, which impacts Integrated Windows Authentication (IWA) authentications.
- For VMware vSphere with Tanzu updates, see VMware vSphere with Tanzu Release Notes.
- For Photon OS updates, see VMware vCenter Server Appliance Photon OS Security Patches.
Patches Contained in This Release
This release of vCenter Server 7.0 Update 3i delivers the following patch:
For a table of build numbers and versions of VMware vCenter Server, see VMware knowledge base article 2143838.
Patch for VMware vCenter Server Appliance 7.0 Update 3i
Product Patch for vCenter Server containing VMware software fixes, security fixes, and third-party product fixes.
This patch is applicable to vCenter Server.
Download Filename | VMware-vCenter-Server-Appliance-7.0.3.01100-20845200-patch-FP.iso |
Build | 20845200 |
Download Size | 6574.7 MB |
md5sum | 7adaeec6ae1cc0816e570d38b6266cd9 |
sha256checksum | 9472d6f544123c9db4c325df5d5228f6aca2e0bbcbab7536d379611e35aa382f |
Download and Installation
To download this patch from VMware Customer Connect, you must navigate to Products and Accounts > Product Patches. From the Select a Product drop-down menu, select VC and from the Select a Version drop-down menu, select 7.0.3.
- Attach the VMware-vCenter-Server-Appliance-7.0.3.01100-20845200-patch-FP.iso file to the vCenter Server CD or DVD drive.
- Log in to the appliance shell as a user with super administrative privileges (for example, root) and run the following commands:
  - To stage the ISO:
    software-packages stage --iso
  - To see the staged content:
    software-packages list --staged
  - To install the staged rpms:
    software-packages install --staged
For more information on using the vCenter Server shells, see VMware knowledge base article 2100508.
For more information on patching vCenter Server, see Patching the vCenter Server Appliance.
For more information on staging patches, see Stage Patches to vCenter Server Appliance.
For more information on installing patches, see Install vCenter Server Appliance Patches.
For more information on patching using the Appliance Management Interface, see Patching the vCenter Server by Using the Appliance Management Interface.
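Before attaching the ISO, it is worth confirming that the downloaded file matches the sha256checksum published in the table above. The script below is an added example, not part of VMware's release notes; it assumes an administrator workstation with sha256sum or shasum available, and the function names sha256_of and verify_iso are hypothetical. It compares SHA-256 rather than the md5sum value, since MD5 is not collision-resistant.

```shell
#!/bin/sh
# Added example: verify the patch ISO against the published SHA-256
# before it is attached to the appliance and staged.

# Values copied from the patch table on this page.
ISO_NAME="VMware-vCenter-Server-Appliance-7.0.3.01100-20845200-patch-FP.iso"
ISO_SHA256="9472d6f544123c9db4c325df5d5228f6aca2e0bbcbab7536d379611e35aa382f"

# Print the lowercase SHA-256 hex digest of a file, using whichever tool exists.
# The file is read from stdin so unusual file names cannot alter the output format.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print tolower($1)}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print tolower($1)}'
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# Return 0 only if the file exists and its digest equals the expected value.
# The expected value is normalised to lowercase so a pasted uppercase hash still matches.
verify_iso() {
    vi_file="$1"
    vi_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vi_file" ] || { echo "missing: $vi_file" >&2; return 1; }
    vi_actual=$(sha256_of "$vi_file") || return 2
    if [ -n "$vi_actual" ] && [ "$vi_actual" = "$vi_expected" ]; then
        echo "OK: $vi_file matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $vi_file" >&2
    echo "  expected $vi_expected" >&2
    echo "  actual   $vi_actual" >&2
    return 1
}

# Usage: ./verify-iso.sh /path/to/$ISO_NAME
if [ "$#" -gt 0 ]; then
    verify_iso "$1" "$ISO_SHA256"
fi
```

A non-zero exit status means the file should be downloaded again from VMware Customer Connect rather than staged.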
Resolved issues:
Server Configuration Issues
- Hardware labels for Dynamic DirectPath I/O devices do not persist across ESXi host reboots
  Hardware labels assigned to Dynamic DirectPath I/O devices in a vCenter Server system might not persist across reboots of the ESXi hosts. As a result, you must assign a hardware label after each reboot.
  This issue is resolved in this release.
Virtual Machine Management Issues
- VM power on fails admission check at an ESXi host with the error InsufficientMemoryResourcesFault
  If some virtual machines in a resource pool have a memory demand exceeding the configured memory reservation of an ESXi host, DRS might pass incorrect resource pool reservation settings to the host. As a result, the power on of such VMs fails admission check in the ESXi host.
  This issue is resolved in this release.
- Removing a virtual TPM device during a VM clone operation might cause the task to fail
  If you clone a VM with a virtual Trusted Platform Module (vTPM), and add a `VirtualDeviceSpec::remove` of the vTPM device in `CloneSpec.location.deviceChange` or `CloneSpec.config.deviceChange`, the ESXi host throws an exception such as `The virtual machine is configured to require encryption`. The removal of the vTPM might cause the clone operation to fail.
  This issue is resolved in this release.
CIM and API Issues
- A PbmCheckCompliance PBM API call invoked with a public SDK client fails with a deserialization error
  For entities provisioned in a vSAN datastore, the `PbmCheckCompliance` PBM API call invoked with a public SDK client returns `VsanComplianceResult` type in the result. `VsanComplianceResult` is an internal type that is not defined in the public PBM SDK. As a result, the public client does not recognize the type `VsanComplianceResult` while deserializing the API result and throws a deserialization error.
  This issue is resolved in this release.
vSphere Lifecycle Manager Issues
- When you use a vSphere Lifecycle Manager baseline based on a rollup bulletin customized with the VMware Image Builder, remediation of ESXi hosts might fail with an unknown error
  In certain cases, when you use a vSphere Lifecycle Manager baseline based on an Image Builder-customized rollup bulletin to remediate ESXi hosts, in the vSphere Client you might see an error such as `VMware vSphere Lifecycle Manager had an unknown error. Check the events and log files for details.` In the `esxupdate.log` file on impacted hosts, you see an error such as `This upgrade transaction would skip ESXi Base Image VIB(s) VMware_bootbank_esx-ui_, VMware_locker_tools-light_, which could cause failures post upgrade.` The issue occurs due to a recently added upgrade completeness check in the rollup upgrade code path to prevent partial upgrades. This check might conflict with some workflows where Image Builder is used to remove some VIBs, such as the VM Tools (tools-light) VIB.
  This issue is resolved in this release. The fix allows the removal of the vSphere Client (`esx-ui`) and VM Tools (`tools-light`) VIBs for remediations with a vSphere Lifecycle Manager baseline based on an Image Builder-customized rollup bulletin. However, if you need to remove other VIBs, you must create a customized ISO in Image Builder and use an upgrade baseline based on that ISO to perform the upgrade.
Miscellaneous Issues
- vCenter Server might run out of storage space due to access logs accumulated under /var/log/vmware/vmware-sps
  The vmware-sps service might generate access log files that do not automatically clean up. Depending on the usage of the service, such logs might cause vCenter Server to run out of log storage.
  This issue is resolved in this release.
Networking Issues
- GET VM REST API fails with an internal server error
  When you use a REST API function such as `/rest/vcenter/vm/{vm-id}`, the call might fail with an error message such as `Internal server error: Error: Http error 500 while requesting '/rest/vcenter/vm/vm-xx'`.
  The issue occurs because the `networkBootProtocol` value might not persist in the vCenter Server database after reconfiguring the VM. As a result, when vCenter Server restarts, the `networkBootProtocol` value is not available and the function `/rest/vcenter/vm/{vm-id}` fails.
  The issue is resolved in this release. The fix makes sure that the `networkBootProtocol` value persists in the vCenter Server database after a VM reconfigure and vCenter Server restart.
Security Issues
- vCenter Server 7.0 Update 3i provides the following security updates:
- This release resolves CVE-2022-31697, and CVE-2022-31698. For more information on these vulnerabilities and their impact on VMware products, see VMSA-2022-0030.
- This release resolves CVE-2021-22048. For more information on this vulnerability and its impact on VMware products, see VMSA-2021-0025.
- This release resolves CVE-2020-28196, which impacts Integrated Windows Authentication (IWA) authentications.
- The OpenSSL is updated to version 1.0.2ze-3.
- Eclipse Jetty is updated to version 9.4.48.v20220622.
- The Expat XML parser is updated to version 2.4.9.
- The libxml2 library is updated to version 2.9.14.
- cURL is updated to version 7.84.
- Apache Tomcat is updated to version 8.5.82/9.0.65.
- The Sqlite database is updated to version 3.39.0.
- Jackson and Jackson-databind are updated to version 2.13.2/2.13.2.2.
- The zlib library is updated to version 1.2.12.
- The Spring Framework is updated to version 5.2.22/5.3.22.
- Libssh2 is updated to version 1.10.
- Google Gson is updated to version 2.9.0.
- PostgreSQL JDBC driver is updated to version 42.5.0.
- The Commons Configuration software library is updated to version 2.8.0.
- The SnakeYAML library is updated to version 1.31.
- The Open-JDK package is updated to version 8u341.
- Apache log4j is updated to version 2.17.1.
- PostgreSQL DB is updated to 13.8.
vSAN Issues
- You see a black screen during network setting configuration of a vSAN cluster
  In the Virtual Appliance Management Interface, when you edit the settings of a selected network adaptor, the Edit settings screen might appear black. A similar issue occurs in the vSphere Client when you try to edit the settings of a distributed switch in the Advanced Options screen under the Cluster Quickstart configuration wizard.
  This issue is resolved in this release.
Known issues:
- Known issues from the previous version, VMware vCenter Server 7.0.3
Vendor notes: VMware vCenter Server 7.0 Update 3i
Regards,
The B&B Team
Bezpieczeństwo w biznesie