ESXi 5.5 Heartbleed Patch – NFS Users Be Careful!

Well, now that VMware has released patches to address the openssl Heartbleed vulnerability, it is time for us all to test and implement the fix.  VMware released KB 2076665 to assist in this process: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076665

An interesting twist is related to another issue that popped up in ESXi 5.5 Update 1.  When Heartbleed was fixed, it was done so by releasing two patches simultaneously.  The first patch is ESXi550-201404420-SG, and the second patch is ESXi550-201404401-SG.  When we were looking to install the patch, the thought crossed my mind, what if we are brought up to a build level that is equivalent to a Heartbleed-patched ESXi 5.5 Update 1?  We have been holding off on 5.5U1 due to the NFS disconnect bug that is hitting many NFS shops (KB article 2076392 http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076392 )

Heartbleed-VUM-Shot

When I looked at our Update Manager Patch Repository, I noticed that there were two packages that addressed Heartbleed.  They are listed above, including a pointer to which patch should be used, depending on the version of ESXi you are on.  (Please note, I have them sorted in descending order). When going back to KB2076665, there are explicit warnings to which patch you should installed.  They indeed mentioned the ramifications to installing ESXi550-201404401-SG and included a link to the NFS disconnect KB article, warning that installing the wrong patch might subject you to the aforementioned NFS issues.

Happy patching!

 

twitterredditlinkedinmail

Leave a Comment

Your email address will not be published. Required fields are marked *