ALAS-2016-692


Amazon Linux AMI Security Advisory: ALAS-2016-692
Advisory Release Date: 2016-04-27 16:15 Pacific
Severity: Important
References:

Issue Overview:

As reported upstream, various classes in the functor collection are serialization and use reflection, which could result in arbitrary code execution if objects from untrusted sources are de-serialized.


Affected Packages:

apache-commons-collections


Issue Correction:
Run yum update apache-commons-collections to update your system.

New Packages:
noarch:
    apache-commons-collections-javadoc-3.2.2-3.10.amzn1.noarch
    apache-commons-collections-3.2.2-3.10.amzn1.noarch
    apache-commons-collections-testframework-3.2.2-3.10.amzn1.noarch

src:
    apache-commons-collections-3.2.2-3.10.amzn1.src