Advisories » MGASA-2016-0137

Updated apache-commons-collections packages fix CVE-2015-8103

Publication date: 13 Apr 2016
Modification date: 13 Apr 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8103

Description

Updated apache-commons-collections packages fix security vulnerability:

Due to an issue with serialization, Java applications can be vulnerable to
malicious remote code execution when the apache-commons-collections library is
on the classpath (CVE-2015-8103).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18123
• https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181046.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8103

SRPMS

5/core

• apache-commons-collections-3.2.2-1.mga5