Original URL: https://www.theregister.com/2014/03/12/vsphere_55_update_1_rolls_into_sysadmins_laps/

VMware drops vSphere 5.5 Update 1 into sysadmins' laps

DDoS fix, web client leaves Linux in lurch, plus VSAN bugs revealed

By Simon Sharwood

Posted in Virtualization, 12th March 2014 07:02 GMT

VMware has released VSphere 5.5 Update 1, the first big update to its flagship cloud co-ordinator.

Some of the update's features were widely known in advance, especially the inclusion of the VSAN virtual SAN right there in the kernel. VSAN's not perfect, however. The “known issues” section of VMware's release notes points out the software's “data store displays the Total capacity inclusive of capacity of both healthy and unhealthy disks” along with a couple of other minor bugs.

It turns out the update also offers three important patches, one of which fixes to the package's NTP daemon, which ” … has a DDoS vulnerability in the handling of the 'monlist' command [that meant] ... An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack.”

Also in the new version is the ability to manage VMware's hybrid cloud service from within the vSphere Web Client, thanks to a new plugin. But the web client is no longer supported on Linux because, as VMware advises, “Linux platforms are no longer supported by Adobe Flash, vSphere Web Client is not supported on the Linux OS.” There's still some hope as VMware says “Third party browsers that add support for Adobe Flash on the Linux desktop OS might continue to function.”

Another interesting change the release notes point to can be found in the accompanying Guest OS Matrix (PDF) describing the operating systems that can be virtualised. Ubuntu 13.10 and 13.04 are now listed as "tbd", which should be encouraging to Shuttleworthians.

We could go on and offer more detail, but that's the job of the release notes.

vSphere 5.5 has had previous updates. Versions “a” and “b” emerged in 2013, with the latter updated in late January 2014. Neither was critical, but VMware is very keen on users upgrading to Update 1 so they can start to play with VSAN. ®