ESXi 6.5 升级+修补漏洞笔记

发布于 2021-04-02  618 次阅读


2 月 24 日,国家信息安全漏洞共享平台(CNVD)收录了 VMware vCenter Server 远程代码执行漏洞(CNVD-2021-12322,对应 CVE-2021-21972)、VMware ESXi OpenSLP 堆溢出漏洞(CNVD-2021-12321,对应 CVE-2021-21974)。

以下做 ESXi 6.5 升级最新Update3+修补漏洞 的简单介绍

1、zip补丁包下载地址:https://my.vmware.com/group/vmware/patch#search

2、更新esxi方法:https://kb.vmware.com/s/article/2008939?lang=zh_CN

详细操作:

1.将ESXi 6.5  的虚拟机关机。并且将ESXi6.5 关机

image.png

2.将VMware-VMvisor-Installer-6.5.0.update03 ,写入U盘。插入到服务器USB,并且USB 启动,进入ESXi 安装模式。

image.png
image.png
image.png
image.png
image.png

3.进入ESXi  ,将 SSH 功能开启,并且将ZIP文件上传,到服务器存储里面,将系统设置为维护模式。

image.png
image.png
image.png

4.SSH 进入系统操作

执行执行安装补丁命令:

[root@localhost:~] esxcli software vib install -d "/vmfs/volumes/datastore1/ESXi650-202102001.zip"
出现报错 
[DependencyError]
 VIB QLC_bootbank_qedrntv_3.11.16.0-1OEM.650.0.0.4598673 requires qedentv_ver = X.11.15.0, but the requirement cannot be satisfied within the ImageProfile.
 VIB QLC_bootbank_qedf_1.3.42.50-1OEM.600.0.0.2768847 requires qedentv_ver = X.11.15.0, but the requirement cannot be satisfied within the ImageProfile.
 VIB QLC_bootbank_scsi-qedil_1.15.15.0-1OEM.600.0.0.2494585 requires qedentv_ver = X.11.15.0, but the requirement cannot be satisfied within the ImageProfile.
 Please refer to the log file for more details.

将报错的三个插件卸载

[root@localhost:~] esxcli software vib remove -n qedf
Removal Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true
   VIBs Installed: 
   VIBs Removed: QLC_bootbank_qedf_1.3.42.50-1OEM.600.0.0.2768847
   VIBs Skipped: 
[root@localhost:~] esxcli software vib remove -n scsi-qedil
Removal Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true
   VIBs Installed: 
   VIBs Removed: QLC_bootbank_scsi-qedil_1.15.15.0-1OEM.600.0.0.2494585
   VIBs Skipped: 

再执行安装补丁命令

[root@localhost:~] esxcli software vib install -d "/vmfs/volumes/datastore1/ESXi650-202102001.zip"

出现以下英文提示,说明已经补丁修复完成

Installation Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true

reboot 重启系统

5.退出维护模式。启动虚拟机,关闭SSH功能。

image.png
image.png
image.png

升级完成。记得将SSH 关闭。


一沙一世界,一花一天堂。君掌盛无边,刹那成永恒。