Release date: April 28, 2011
|Build||For build information, see KB 1035110.|
|Host Reboot Required||Yes|
|Virtual Machine Migration or Shutdown Required||Yes|
|PRs Fixed||671984, 674903, 665217, 652611, 630472, 588298, 606441, 611518, 635393, 615869, 630852, 669678, 638481, 637280, 653672, 655807, 653337, 610630, 620291, and 610075|
|VIBs Included||vmware-esx-apps, vmware-esx-cim, vmware-esx-likewise-ad-provider, vmware-esx-likewise-krb5, vmware-esx-likewise-krb5-64, vmware-esx-likewise-krb5-workstation, vmware-esx-likewise-open, vmware-esx-likewise-open-64, vmware-esx-likewise-openldap, vmware-esx-likewise-openldap-64, vmware-esx-lnxcfg, vmware-esx-pam-krb5, vmware-esx-pam-krb5-64, vmware-esx-perftools, vmware-esx-scripts, vmware-esx-srvrmgmt, vmware-esx-tools, vmware-esx-vmkctl, vmware-esx-vmkernel64, vmware-esx-vmnixmod, vmware-esx-vmwauth, vmware-esx-vmx, vmware-hostd-esx, kernel, and omc|
|Related CVE numbers||CVE-2010-2240, CVE-2011-1786, CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021, and CVE-2011-1785|
This patch resolves the following security issues:
This patch also resolves the following issues:
In addition, this patch updates the Certificate Revocation List (CRL) to revoke an RSA key that HP uses for code-signing certain software components. HP servers contain a new key pair and has re-signed the affected software components with the new key.
If you restart an HP system that is running ESX, you must update the software components to the version signed with the new key. You can download the HP Management Agent for VMware ESX 4.x (hpmgmt-8.7.0-vmware4x.tgz) from the HP Web site.
If you do not restart the system, it continues to work with the currently installed and loaded software. However, the ESX system rejects software signed with the revoked key and logs a warning if the system loads any kernel module signed with the revoked key. This might cause certain HP features to fail.
None beyond the required patch bundles and reboot information listed in the table above.
See the VMware vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 4.1 hosts.
To update ESX 4.1 hosts without using Update Manager, download the patch ZIP file fromhttp://support.vmware.com/selfsupport/download/ and install the bulletin by using esxupdate from the command line of the host. For more information, see the ESX 4.1 Patch Management Guide.
Based on VMware KB 1035097