ALAS-2015-618

Amazon Linux 1 (EOL) Security Advisory: ALAS-2015-618
Advisory Released Date: 2015-12-14
Advisory Updated Date: 2015-12-14

Severity: Important

References: CVE-2015-7501
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

Affected Packages:

apache-commons-collections

Issue Correction:
Run yum update apache-commons-collections to update your system.

New Packages:

noarch:
    apache-commons-collections-testframework-javadoc-3.2.1-11.9.amzn1.noarch
    apache-commons-collections-3.2.1-11.9.amzn1.noarch
    apache-commons-collections-javadoc-3.2.1-11.9.amzn1.noarch
    apache-commons-collections-testframework-3.2.1-11.9.amzn1.noarch

src:
    apache-commons-collections-3.2.1-11.9.amzn1.src

Additional References

Red Hat: CVE-2015-7501

Mitre: CVE-2015-7501