Important: apache-commons-collections

2015-12-13T14:19:00
ID ALAS-2015-618
Type amazon
Reporter Amazon
Modified 2015-12-13T14:19:00

Description

Issue Overview:

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

Affected Packages:

apache-commons-collections

Issue Correction:
Run yum update apache-commons-collections to update your system.

New Packages:

noarch:  
    apache-commons-collections-testframework-javadoc-3.2.1-11.9.amzn1.noarch  
    apache-commons-collections-3.2.1-11.9.amzn1.noarch  
    apache-commons-collections-javadoc-3.2.1-11.9.amzn1.noarch  
    apache-commons-collections-testframework-3.2.1-11.9.amzn1.noarch

src:  
    apache-commons-collections-3.2.1-11.9.amzn1.src