VCSA 6.5.0c is Out!

VMware just released a new version and patch for their VCSA 6.5 vCenter Server Appliance.
6.5.0c addresses the Apache BlazeDS security vulnerability.

Resolved Issues

VMware vCenter Server contains a remote code execution vulnerability due the use of BlazeDS to process AMF3 messages. This issue may be exploited to execute arbitrary code when deserializing an untrusted Java object. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-5641 to this issue.

The new build is:
Name: VMware-VCSA-all-6.5.0-5318112.iso
Release Date: 2017-04-13
Build Number: 5318112

The new patch is:
VMware-vCenter-Server-Appliance-6.5.0.5400-5318112-patch-FP.iso
Download Size:1627.4 MB

The simplest way to install the patch is to use the Update feature in the VAMI interface of the VCSA GUI.
Login to https://<VCSA-IP-or_FQDN>:5480
Click on Update on the left.

You can use the Settings button to setup Automatic Checking for Updates to VCSA.
You can manually check for updates by clicking the Check Updates button.
Once an update is displayed as in the following picture, you can install it.

The installation has a thermometer for completion status.
This particular update requires a reboot when done, which can also be done from inside the VAMI.

More information on the update is here in the Release Notes.

If you prefer the command line method for installing VCSA patches, checkout  KB 2149656:
https://kb.vmware.com/kb/2149656