Patching time! VMware released an update for vCenter Server and ESXi -> 7.0 Update 3f.

vCenter server:

NOTE: If your source system contains hosts of versions between ESXi 7.0 Update 2 and Update 3c, and Intel drivers, before upgrading to vCenter Server 7.0 Update 3f, see the What’s New section of the VMware vCenter Server 7.0 Update 3c Release Notes, because all content in the section is also applicable for vSphere 7.0 Update 3f. Also, see the related VMware knowledge base articles: 86447, 87258, and 87308.

Download Filename	VMware-vCenter-Server-Appliance-7.0.3.00700-20051473-patch-FP.iso
Build	20051473
Download Size	6579.7 MB
md5sum	3b0003a309c9d70d7b9e961fa56fbb5f
sha256checksum	1b5ca1e4a95394d740e96fd2dfe1ce60928ccbb632ad5ab7238a4d998257d146

To download this patch, after you log in to VMware Customer Connect, select VC from the Select a Product drop-down menu and select 7.0.3 from the Select a Version drop-down menu.

Attach the VMware-vCenter-Server-Appliance-7.0.3.00700-20051473-patch-FP.iso file to the vCenter Server CD or DVD drive.
Log in to the appliance shell as a user with super administrative privileges (for example, root) and run the following commands:
- To stage the ISO:
  software-packages stage --iso
- To see the staged content:
  software-packages list --staged
- To install the staged rpms:
  software-packages install --staged

Security issues:

vCenter Server 7.0 Update 3f provides the following security updates:
- cURL is updated to version 7.82.
- The Jackson package is updated to version 2.13.2 and jackson-databind to version 2.13.2.2.
- The Oracle (Sun) JRE package is updated to version 1.8.0_311.
- The Apache Tomcat server is updated to versions 8.5.78/9.0.62.
- The OpenSSL library is updated to versions 1.0.2ze/1.1.1o.
- The SQLite database is updated to version 3.36.0.3.
- Apache log4j is updated to version 2.17.1.
- Apache Struts is updated to version 2.5.30.
- The Spring library is updated to versions 5.2.20/5.3.18.
- Eclipse Jetty is updated to version 9.4.46.v20220331.
- The XStream library is updated to version 1.4.19.
- The Expat XML parser is updated to version 2.4.7.
- The Struts2 Core framework is updated to version 2.5.30.
- The libxml2 library is updated to version 2.9.13.

This release resolves CVE-2022-22982. For more information on this vulnerability and its impact on VMware products, see VMSA-2022-0018.
This release resolves CVE-2021-22048. For more information on this vulnerability and its impact on VMware products, see VMSA-2021-0025.
Increased scalability of VMware HCI Mesh: With vCenter Server 7.0 Update 3f, a vSAN cluster can serve its local datastore to up to ten client vSAN clusters.
Enhanced vSphere Client components: vCenter Server 7.0 Update 3f fixes important usability issues in the vSphere Client Inventory, Data Grid, Related Objects, and Global Inventory Lists components. The usability enhancements include:
- setting item height to 25px in the Inventory tree to make the tree more compact
- removing excessive margins from the Action menu
- improved right-click selection for Data Grid
- better handling of selected items in the Related Objects and Global Inventory Lists tabs
- customizable page size, from 35 to 200 items, in Related Object lists.
For VMware vSphere with Tanzu updates, see VMware vSphere with Tanzu Release Notes.
For Photon OS updates, see VMware vCenter Server Appliance Photon OS Security Patches.

ESXi:

ESXi 7.0 Update 3f supports vSphere Quick Boot on the following servers:
- Cisco Systems Inc:
  - UCSC-C220-M6N
  - UCSC-C225-M6N
  - UCSC-C240-M6L
  - UCSC-C240-M6N
  - UCSC-C240-M6SN
  - UCSC-C240-M6SX
- Dell Inc:
  - PowerEdge XR11
  - PowerEdge XR12
  - PowerEdge XE8545
- HPE:
  - Edgeline e920
  - Edgeline e920d
  - Edgeline e920t
  - ProLiant DL20 Gen10 Plus
  - ProLiant DL110 Gen10 Plus
  - ProLiant ML30 Gen10 Plus
- Lenovo:
  - ThinkSystem SR 860 V2

his release resolves CVE-2022-23816, CVE-2022-23825, CVE-2022-28693, and CVE-2022-29901. For more information on these vulnerabilities and their impact on VMware products, see VMSA-2022-0020.

Download Filename:	VMware-ESXi-7.0U3f-20036589-depot
Build:	20036589
Download Size:	575.2 MB
md5sum:	8543deb5d6d71bc7cc6d6c21977b1181
sha256checksum:	b4cd253cbc28abfa01fbe8e996c3b0fd8b6be9e442a4631f35616eb34e9e01e9
Host Reboot Required:	Yes
Virtual Machine Migration or Shutdown Required:	Yes

Component	Bulletin	Category	Severity
ESXi Component – core ESXi VIBs	ESXi_7.0.3-0.50.20036589	Bugfix	Critical
ESXi Install/Upgrade Component	esx-update_7.0.3-0.50.20036589	Bugfix	Critical
Broadcom NetXtreme-E Network and ROCE/RDMA Drivers for VMware ESXi	Broadcom-bnxt-Net-RoCE_216.0.0.0-1vmw.703.0.50.20036589	Bugfix	Critical
Network driver for Intel(R) E810 Adapters	Intel-icen_1.4.1.20-1vmw.703.0.50.20036589	Bugfix	Critical
Network driver for Intel(R) X722 and E810 based RDMA Adapters	Intel-irdman_1.3.1.22-1vmw.703.0.50.20036589	Bugfix	Critical
VMware Native iSER Driver	VMware-iser_1.1.0.1-1vmw.703.0.50.20036589	Bugfix	Critical
Broadcom Emulex Connectivity Division lpfc driver for FC adapters	Broadcom-ELX-lpfc_14.0.169.26-5vmw.703.0.50.20036589	Bugfix	Critical
LSI NATIVE DRIVERS LSU Management Plugin	Broadcom-lsiv2-drivers-plugin_1.0.0-12vmw.703.0.50.20036589	Bugfix	Critical
Networking Driver for Intel PRO/1000 Family Adapters	Intel-ne1000_0.9.0-1vmw.703.0.50.20036589	Bugfix	Critical
USB Driver	VMware-vmkusb_0.1-7vmw.703.0.50.20036589	Bugfix	Critical
ESXi Component – core ESXi VIBs	ESXi_7.0.3-0.45.20036586	Security	Critical
ESXi Install/Upgrade Component	esx-update_7.0.3-0.45.20036586	Security	Critical
VMware-VM-Tools	VMware-VM-Tools_12.0.0.19345655-20036586	Security	Critical