sunhux

Installing an rpm file: rpm -ivh or rpm -Uvh in VMware ESX and Red Hat Linux
Hi,

I'm trying to address the vulnerability (see below) given by the security team.

Our ESX 3.5 is affected (ESX 2.5 is OK).  I've got the .rpm patch file.
Do I install using
   rpm -Uvh patchfile.rpm
       or
   rpm -ivh patchfile.rpm

What's the difference between the two?  Red Hat suggested to me to use
"rpm -ivh" to install the .rpm packages from their site but I've seen some
places using "rpm -U package.rpm".


==================================================================

[Summary]
A vulnerability was reported in VMware. A local user on the guest operating system can obtain elevated privileges on the target host system.

A local user can exploit a flaw in the virtual machine display function to execute arbitrary code on the target host system.

VMware Workstation, Player, ACE, Server, Fusion, ESXi, and ESX are affected.

[Affected System]
Workstation 6.5.x any 6.5.2 build 156735 or later
Workstation 6.0.x any upgrade to at least 6.5.2

Player 2.5.x any 2.5.2 build 156735 or later
Player 2.0.x any upgrade to at least 2.5.2

ACE 2.5.x Windows 2.5.2 build 156735 or later
ACE 2.0.x Windows upgrade to at least 2.5.2

Server 2.x any 2.0.1 build 156745 or later
Server 1.x any 1.0.9 build 156507 or later

Fusion 2.x Mac OS/X 2.0.4 build 159196 or later

ESXi 3.5 ESXi ESXe350-200904201-O-SG

ESX 3.5 ESX ESX350-200904201-SG
ESX 3.0.3 ESX ESX303-200904403-SG
ESX 3.0.2 ESX ESX-1008421


[Impact Analysis]
A local user on the guest operating system can obtain privileges on the target host system.

[Solution/Workaround]
The vendor released a fix and an advisory.
Please see the references for more information.

[Reference]
http://securitytracker.com/alerts/2009/Apr/1022031.html
http://www.vmware.com/security/advisories/VMSA-2009-0006.html


sunhux (ASKER)

Hi,

I was following the security vulnerability article and downloaded that .rpm package
and I thought what's for ESX should be the same as Red Hat.  Since I have maintenance
support from Red Hat, I thought of just giving Red Hat a call.  After all, I heard from
somewhere that ESX is actually a stripped-down version of Red Hat Linux, or did I get
this wrong?

So the rpm file I got was actually downloaded from VMware, not Red Hat;  it's just that I
don't know the exact way to install it, and since it's an rpm file, I thought it should be
just the usual way of installing an rpm (i.e. using the "rpm ..." command).

I actually used "rpm -U VMware-esx-vmx-3.5.0-158869.i386.rpm" at the ESX Unix prompt
and after rebooting the ESX, whenever I started the VM guests, it would cause the
entire ESX to panic.

So I guess I should not use the "rpm ..." command but rather
"VI Update Manager or install the package using esxupdate", is this right?


sunhux (ASKER)

Hi ShineOn,

Thanks a lot, can you also tell me a sample command for esxupdate so that
I could get the syntax right.  For rpm, it's  "rpm -Uvh  rpm_package_name",
so what is it like for esxupdate?
