Amazon Linux 1 Security Advisory: ALAS-2016-692
Advisory Release Date: 2016-04-27 16:15 Pacific
Advisory Updated Date: 2016-04-27 16:15 Pacific
As reported upstream (https://commons.apache.org/proper/commons-collections/security-reports.html), various classes in the functor collection are serializable and use reflection, which could result in arbitrary code execution if objects from untrusted sources are de-serialized.
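For code that must keep reading serialized objects, the risk described above can be narrowed by checking each class name in the stream before it is loaded. The following is an added example, not code from this advisory or from the Apache project; the class name FilteredObjectInputStream and the allow-list contents are hypothetical, and it goes beyond the functor classes by rejecting every class that is not explicitly expected.

```java
import java.io.*;
import java.util.*;

/** Hypothetical helper: checks each class name in the stream before it is loaded. */
public class FilteredObjectInputStream extends ObjectInputStream {
    // Functor package of commons-collections 3.x; rejected even if allow-listed by mistake.
    private static final String FUNCTORS = "org.apache.commons.collections.functors.";
    private final Set<String> allowed;

    public FilteredObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
        super(in);
        this.allowed = allowed;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        String name = desc.getName();
        // Decide on the name alone, before any class from the stream is loaded.
        if (name.startsWith(FUNCTORS) || !allowed.contains(name)) {
            throw new InvalidClassException(name, "class not permitted for deserialization");
        }
        return super.resolveClass(desc);
    }

    private static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Assumed allow-list for this demo: the only type the reader expects.
        Set<String> allowed = new HashSet<>(Arrays.asList("java.util.ArrayList"));
        // Constructed sample inputs: one expected type, one unexpected type.
        byte[] ok = serialize(new ArrayList<>(Arrays.asList("a", "b")));
        byte[] unexpected = serialize(new HashMap<String, String>());
        try (ObjectInputStream in = new FilteredObjectInputStream(new ByteArrayInputStream(ok), allowed)) {
            System.out.println("accepted: " + in.readObject());
        }
        try (ObjectInputStream in = new FilteredObjectInputStream(new ByteArrayInputStream(unexpected), allowed)) {
            in.readObject();
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A filter like this complements the package update below; it does not replace it.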
Affected Packages:
apache-commons-collections
Issue Correction:
Run yum update apache-commons-collections to update your system.
noarch:
apache-commons-collections-javadoc-3.2.2-3.10.amzn1.noarch
apache-commons-collections-3.2.2-3.10.amzn1.noarch
apache-commons-collections-testframework-3.2.2-3.10.amzn1.noarch
src:
apache-commons-collections-3.2.2-3.10.amzn1.src