ALAS-2016-692


Amazon Linux 1 Security Advisory: ALAS-2016-692
Advisory Release Date: 2016-04-27 16:15 Pacific
Advisory Updated Date: 2016-04-27 16:15 Pacific
Severity: Important

Issue Overview:

As reported upstream (https://commons.apache.org/proper/commons-collections/security-reports.html), various classes in the functor collection are serializable and use reflection, which could result in arbitrary code execution if objects from untrusted sources are deserialized.


Affected Packages:

apache-commons-collections


Issue Correction:
Run yum update apache-commons-collections to update your system.

New Packages:
noarch:
    apache-commons-collections-javadoc-3.2.2-3.10.amzn1.noarch
    apache-commons-collections-3.2.2-3.10.amzn1.noarch
    apache-commons-collections-testframework-3.2.2-3.10.amzn1.noarch

src:
    apache-commons-collections-3.2.2-3.10.amzn1.src
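
To confirm that a host has picked up the fix, the following added example (not part of the advisory) compares each installed package's version-release against the 3.2.2-3.10.amzn1 build listed above. The function names and the `--check` argument are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's "New Packages" list.
FIXED_VR="3.2.2-3.10.amzn1"

# vr_at_least INSTALLED FIXED
# Succeeds when INSTALLED sorts at or above FIXED. GNU `sort -V` stands in
# for RPM's comparison (assumption: adequate for the plain numeric
# version-release strings these packages use).
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify_vr INSTALLED: prints "patched" or "vulnerable".
classify_vr() {
    if vr_at_least "$1" "$FIXED_VR"; then
        echo patched
    else
        echo vulnerable
    fi
}

# check_host: query rpm for every binary package named in the advisory.
# Returns non-zero if any installed copy is older than the fixed build.
check_host() {
    status=0
    for pkg in apache-commons-collections \
               apache-commons-collections-javadoc \
               apache-commons-collections-testframework; do
        # rpm exits non-zero when the package is absent; skip those.
        vrs=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$pkg" 2>/dev/null) || continue
        for vr in $vrs; do
            result=$(classify_vr "$vr")
            echo "$pkg $vr $result"
            [ "$result" = patched ] || status=1
        done
    done
    return $status
}

# Only touch the RPM database when asked to: sh thisfile.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

A package that is not installed is skipped, so a host without apache-commons-collections reports nothing and exits 0.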