Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/13/2008
03:47 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

VMware Issues Patch For Hypervisor Bug

CEO Paul Maritz apologized to customers and said VMware was determined to get to the bottom of the problem that caused virtual machines to refuse to start.

VMware has issued a patch for the bug that was contained in Update 2 for the ESX 3.5 hypervisor, a bug that caused ESX and ESXi 3.5 virtual machines to refuse to start up Tuesday morning. The company also is working to fix the Update 2 software and reissue it without the flaw.

The ESX 3.5 hypervisor's Update 2 was first released 17 days ago. The new, freely downloadable ESXi 3.5 hypervisor was released 16 days ago. The company said it expect the bug-free software to become available at later today.

A license limitation built into the Update 2 release caused ESX and ESXi 3.5 virtual machines to stop running Tuesday morning. VMware issued a patch for existing Update 2 users at about 9 p.m. Tuesday. It didn't have an estimate of how many customers were using Update 2 or what percentage of the customer base had adopted it. Because the update was issued only recently, it is possible only a fraction of the customer base has tested the update in isolation and then implemented it in production.

Nevertheless, new president and CEO Paul Maritz wrote a letter in which he apologized to customers and said VMware was determined to get to the bottom of the problem. "I want to apologize for the disruption and difficulty this issue may have caused our customers and our partners. Your confidence in VMware is extremely important to us, and we are committed to restoring that confidence fully and quickly."

VMware hoped to have a new version of Update 2 available by noon on Wednesday, it said Tuesday as news of the bug spread. VMware spokesmen at noon revised that timing and said the new version will be ready by 6 p.m. on Wednesday.

"We are doing everything in our power to make sure this doesn't happen again," Maritz' letter, posted on the VMware Web site, said. "VMware prides itself on the quality and reliability of our products, and this incident has prompted a thorough self-examination of how we create and deliver products. ... We have kicked off a comprehensive, in-depth review ... and will quickly make the needed changes."

The problem was created when ESX 3.5 Update 2 was sent to customers with a piece of code in it that caused the license governing use of the code to expire at 12 a.m. on Tuesday, Aug. 12. That wouldn't shut down a continuously running virtual machine, but it if had been decommissioned and stored Monday night, it wouldn't start again Tuesday morning. Likewise, use of the VMotion capability that shuts a virtual machine down on one physical server while starting a carbon copy on another server would also cause the virtual machine to fail.

A virtual machine that was left in suspension mode Monday night could not be brought out suspension on Tuesday morning, VMware officials said.

Maritz explained that the inadvertent code in Update 2 "was designed to ensure that customers are running on the supported, general available version of Update 2," not earlier, unsupported versions of Update 2. But the explanation was still likely to leave users of the free version of the ESX hypervisor, ESXi, disgruntled if they had been sold on its ease of use features.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs,  7/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-3931
PUBLISHED: 2020-07-08
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
CVE-2020-15600
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2020-15599
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
CVE-2020-8916
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
CVE-2020-12821
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.