Wednesday, January 24, 2018

ESXi 6.5u1e / 6.0u3d / 5.5u3g have been withdrawn and should no longer be applied (Meltdown and Spectre Vulnerability (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754))

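The patches for each ESXi version that were released on January 9 to address the Meltdown and Spectre CPU vulnerabilities have been pulled. Because of problems on Intel's side (including the reboot issue that has been in the news), VMware also stopped providing the patches on January 23, and the binaries were removed from the download site.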
https://kb.vmware.com/kb/52345
Although VMware strongly recommends that customers obtain microcode patches through their hardware vendor, as an aid to customers, VMware also included the initial microcode patches in ESXi650-201801402-BG, ESXi600-201801402-BG, and ESXi550-201801401-BG. Intel has notified VMware of recent sightings that may affect some of the initial microcode patches that provide the speculative execution control mechanism for a number of Intel processors (see Table 1.) The issue can occur when the speculative execution control is actually used within a virtual machine by a patched OS. 
As a result, VMware is delaying new releases of microcode updates while it works with Intel to resolve microcode patch issues as quickly as possible.
This document is focused on Intel microcode issues and VMware’s recommendations. Please review KB52245: VMware Response to Speculative Execution security issues, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown) for a holistic view on VMware’s response to these issues.

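If you have already been preparing to deploy these updates, stop the update and apply patches only up to the ones released at the end of the year: ESXi 6.5 Patch 02 (Build 7388607) and ESXi 6.0 Patch 6 (Build 6921384).
Note: the vCenter releases, 6.5u1e and 6.0u3d, remain valid and can still be downloaded and applied.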

VMSA-2018-0002

VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
https://www.vmware.com/security/advisories/VMSA-2018-0002.html

The following versions have been withdrawn (the binaries have been removed from My VMware):

ESXi 6.5 u1e
https://kb.vmware.com/s/article/52236

ESXi 6.0 u3d
https://kb.vmware.com/s/article/52238

ESXi 5.5 u3g
https://kb.vmware.com/s/article/52237