Issue Overview:
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
Affected Packages:
apache-commons-collections
Issue Correction:
Run yum update apache-commons-collections to update your system.
New Packages:
noarch:
ย ย ย apache-commons-collections-testframework-javadoc-3.2.1-11.9.amzn1.noarch
ย ย ย apache-commons-collections-3.2.1-11.9.amzn1.noarch
ย ย ย apache-commons-collections-javadoc-3.2.1-11.9.amzn1.noarch
ย ย ย apache-commons-collections-testframework-3.2.1-11.9.amzn1.noarch
src:
ย ย ย apache-commons-collections-3.2.1-11.9.amzn1.src
Red Hat: CVE-2015-7501
Mitre: CVE-2015-7501