Installing an rpm file: rpm -ivh or rpm -Uvh in VMWare ESX and Redhat Linux

Posted on 2009-04-18
Last Modified: 2013-12-16

I'm trying to address the vulnerability (see below) given by the security team.

Our ESX 3.5 is affected (ESX 2.5 is OK).  I've got the .rpm patch file.
Do I install using
   rpm -Uvh patchfile.rpm
   rpm -ivh patchfile.rpm

What's the difference between the two?  Redhat suggested to me to use
"rpm -ivh" to install the .rpm packages from their site but I've seen some
places using "rpm -U package.rpm"


A vulnerability was reported in VMware. A local user on the guest operating system can obtain elevated privileges on the target host system.

A local user can exploit a flaw in the virtual machine display function to execute arbitrary code on the target host system.

VMware Workstation, Player, ACE, Server, Fusion, ESXi, and ESX are affected.

[Affected System]
Workstation  6.5.x  any       6.5.2 build 156735 or later
Workstation  6.0.x  any       upgrade to at least 6.5.2

Player       2.5.x  any       2.5.2 build 156735 or later
Player       2.0.x  any       upgrade to at least 2.5.2

ACE          2.5.x  Windows   2.5.2 build 156735 or later
ACE          2.0.x  Windows   upgrade to at least 2.5.2

Server       2.x    any       2.0.1 build 156745 or later
Server       1.x    any       1.0.9 build 156507 or later

Fusion       2.x    Mac OS/X  2.0.4 build 159196 or later

ESXi         3.5    ESXi      ESXe350-200904201-O-SG

ESX          3.5    ESX       ESX350-200904201-SG
ESX          3.0.3  ESX       ESX303-200904403-SG
ESX          3.0.2  ESX       ESX-1008421

[Impact Analysis]
A local user on the guest operating system can obtain privileges on the target host system.

The vendor released a fix and an advisory.
Please see the references for more information.

Question by:sunhux

    Assisted Solution

    by:Maciej S
    -i means install
    -U means upgrade

    Description of -U from man rpm:
    This upgrades or installs the package currently installed to a newer version.  This is the same as install, except all other version(s) of the package are removed after the new package is installed.
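
The -i / -U distinction above, as an added example that is not part of the original thread: a pre-flight check for a Red Hat host (not the ESX service console, where the answers further down point to esxupdate instead) that verifies the package file, reports whether the package is new or already present at another version, and dry-runs the matching rpm mode. `preflight_rpm` is a hypothetical helper name; the rpm options used are the standard ones.

```shell
#!/bin/sh
# Added example: decide between "rpm -i" and "rpm -U" without changing the system.
# preflight_rpm is a hypothetical helper; it only calls the standard rpm CLI.

preflight_rpm() {
    pkg=$1

    # Check the package file's digests/signature first (rpm -K is --checksig).
    rpm -K "$pkg" >/dev/null 2>&1 || { echo "verify-failed"; return 1; }

    # Name and version-release recorded inside the package file itself.
    name=$(rpm -qp --queryformat '%{NAME}' "$pkg") || return 1
    new=$(rpm -qp --queryformat '%{VERSION}-%{RELEASE}' "$pkg") || return 1

    # rpm -q exits non-zero when no version of the package is installed.
    if cur=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' "$name" 2>/dev/null); then
        if printf '%s\n' "$cur" | grep -Fqx "$new"; then
            echo "already-installed $name $new"
            return 0
        fi
        # Another version is present: -U installs the new one and removes the others,
        # whereas -i would try to add it alongside the existing version.
        action=upgrade; flag=-U
    else
        # Nothing installed yet: -i and -U do the same thing in this case.
        action=install; flag=-i
    fi

    # --test checks dependencies and file conflicts but installs nothing.
    if rpm "$flag" --test "$pkg" >/dev/null 2>&1; then
        echo "$action $name $new"
    else
        echo "blocked $name $new"
        return 1
    fi
}
```

Call it as `preflight_rpm ./package.rpm`; it prints one line (install, upgrade, already-installed, blocked or verify-failed) and leaves the RPM database untouched.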

    Assisted Solution

    I don't understand...

    You say this is a VMware ESX 3.5 host, right?  Why would you be installing a RedHat RPM?  Or asking RedHat for advice on how to install it?

    The patch you need is from VMware, and is installed on the VMware host using the service console, not on the RedHat guest.
    It should be file ESX350-20094201-SG.ZIP which contains the file VMware-esx-vmx-3.5.0-158869.i386.rpm

    According to the KB article, you're supposed to either use the VI Update Manager or install the package using esxupdate from the command line.

    Assisted Solution

    ShineOn is spot on.
    If you are using VirtualCenter 2.5, then you can use VMware Update Manager to scan the ESX Host for baselines and remediate the patches based on the results of the scan.

    Author Comment


    I was following the Security vulnerability article and downloaded that .rpm package
    and I thought what's for ESX should be the same as Redhat.  Since I have a maintenance
    support from Redhat, thus I thought of just giving Redhat a call.  After all, I heard from
    somewhere that ESX is actually a stripped down version of Redhat Linux or did I get
    this wrong?

    So the rpm file I got was actually downloaded from VMWare, not Redhat;  just that I
    don't know the exact way to install it & since it's an rpm file, I thought it should be
    just the usual way of installing rpm (ie using "rpm ..." command)

    I actually used "rpm -U VMware-esx-vmx-3.5.0-158869.i386.rpm" at ESX Unix prompt
    and after rebooting the ESX, whenever I started the VM guests, it would cause the
    entire ESX to panic.

    So I guess I should not use "rpm ..." command but rather
    "VI Update Manager or install the package using esxupdate ",  is this right?

    Accepted Solution

    "I heard from somewhere that ESX is actually a stripped down version of Redhat Linux or did I get
    this wrong?"

    You got this partly wrong.  ESX 3.5 runs on its own 2.4 kernel.  Mine is Linux version 2.4.21-57.ELvmnix.  It's essentially a VMware-only flavor of Linux called vmnix.
    It does use the RedHat gcc version 3.2.3 20030502 from Red Hat Linux 3.2.3-14 so in a way it has roots in RedHat, but it's not Red Hat.

    What you need to do, in order to use the RPM package, is install it using esxupdate from the command line of the service console.

    If you have Virtual Center installed and configured, you can use the Update Manager to download and install patches for you, in a relatively automated fashion.

    Another thing you need to do is make sure you install the prerequisite packages in the proper order.  If you installed the package for 20094201 without making sure the prerequisite packages were installed first, that could contribute to your kernel panics.

    The KB article has a "requires" block in the grid that shows these are prerequisite patches:
    But as you go to download each of them, you will see that the order you install the patches may not be the order you see them listed in the grid.

    Author Comment

    Hi ShineOn,

    Thanks a lot, can you also tell me a sample command for esxupdate so that
    I could get the syntax right.  For rpm, it's  "rpm -Uvh  rpm_package_name",
    so what is it like for esxupdate?

    Assisted Solution


    There are four execution modes for esxupdate, and you should use them as they're intended.  It's too detailed a document to go into here, but suffice it to say that you use 'esxupdate' as a command instead of 'rpm'.  

    There are options and switches and parameters, but they don't look anything like rpm's, from a cursory review.
