Solved

do I need to update ESXi servers

Posted on 2013-05-29
9
430 Views
Last Modified: 2013-06-10
According to our vulnerability management system we need to update our ESXi 4.1U1 servers to the latest version.
I checked the patch security articles and there are just a couple of vulnerabilities that are reported by vmware.
There are not so much information which feature  of the software is affected by this security hole, so I cannot decide if it is needed or not.
I had a lot of problems in the past with the installation of the updates mainly with windows server and I am very suspicous when I have to update  anything.
Our ESXi server(management network) are on different network segment and connection to them are allowed only from IT department network. Virtualization software that we are using also are vcenter and srm(site recovery manager).
Could you tell me if this updates are so requered and critical, do you update constantly your vmware servers, or any advice maybe.

 The most reported seems to be
•The ESX/ESXi userworld libxml2 library is updated to resolve multiple security issues
-The userworld glibc third-party library is updated to 2.5-58.el5_6.2 resolve multiple security issues
•629880: This release resolves an integer overflow issue in the SFCB that arises when the httpMaxContentLength is changed from its default value to 0 in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header
0
Comment
Question by:dedri
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 11

Expert Comment

by:wrmichael
ID: 39204394
Yes.  Very important to keep your security holes filled.
0
 
LVL 15

Expert Comment

by:Jaroslav Mraz
ID: 39204406
Hi,

the lastest version is 5.1 and there are hudge updates to preformance USB redirection ando ther cool things inside even vSphere web client.

If you have managment on other secure network (VLAN) and servers are not published to the net then tehy are stabile. It is all about what hackers or employes wanted from you.

And at the last there is best practice to instal server at new and configure it again if you dont have so large network. Cousee changes to base FILE SYSTEM and FILE SYSTEM TYPE.
0
 
LVL 122
ID: 39204414
Although it's important to maintain and ensure you are up to date, if the patch or upgrade fixes and issue for you, you mat still find that your" vulnerability management system " still triggers on ESXi, even with the latest patches applied, because it triggers on "Linux" like components!
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 

Author Comment

by:dedri
ID: 39204596
Hi  hanccocka,
could you clarify a little bit more what do you mean.
0
 
LVL 122

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 250 total points
ID: 39204624
If you update, your ESXi OS, your software scanner - vulnerability management system may still state you have an issue! (it happens!)

I would actually update to ESXi/ESX 4.1 Patch 8 Build 1050704, (latest) but also remember this may require you to update your vCenter Server installation as well, and there is no guarantee this will satisfy your scanner - vulnerability management system.

We update our clients servers, if and when, there is an issue detected, e.g. a bug.

What vulnerability management system are you using?
0
 
LVL 28

Assisted Solution

by:asavener
asavener earned 250 total points
ID: 39204639
I have never encountered an issue with installing ESXi patches.  (Upgrades to a different version are another story.)

1) The patches include stability improvements as well as security improvements.
2) Good security practices also protect you against people you trust.  Security patches are only one part of good security, but you should not ignore them because your network is only accessible from the IT department.
3) You can pilot the changes on one of your hosts, and run them for a time until you are confident about stability.


Hancock's comment refers to the fact that ESXi is based on Linux.  Security scanners will identify generic Linux vulnerabilities as well as those specific to ESXi.
0
 

Author Comment

by:dedri
ID: 39204715
qualys is the vulrnerability system
0
 
LVL 122
ID: 39204741
QualysGuard Cloud Security & Compliance Suite?
0
 

Author Comment

by:dedri
ID: 39204770
yes , the same, QualysGuard Cloud
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down …
Teach the user how to convert virtaul disk file formats and how to rename virtual machine files on datastores. Open vSphere Web Client: Review VM disk settings: Migrate VM to new datastore with a thick provisioned (lazy zeroed) disk format: Rename a…
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question