Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Fedora 23: Apache Commons Collections Serialization Security Update

fedora
Calendar Grey April 2, 2016
Scroller Fedora
Tackling serialization challenges in Apache Commons Collections alongside Fedora's most recent security patch for enhanced safeguarding.
Update to upstream version 3.2.2 which fixes serialization vulnerability

Summary

The introduction of the Collections API by Sun in JDK 1.2 has been a

boon to quick and effective Java programming. Ready access to powerful

data structures has accelerated development by reducing the need for

custom container classes around each core object. Most Java2 APIs are

significantly easier to use because of the Collections API.

However, there are certain holes left unfilled by Sun's

implementations, and the Jakarta-Commons Collections Component strives

to fulfill them. Among the features of this package are:

- special-purpose implementations of Lists and Maps for fast access

- adapter classes from Java1-style containers (arrays, enumerations) to

Java2-style collections.

- methods to test or create typical set-theory properties of collections

such as union, intersection, and closure.

Update Information:

Update to upstream version 3.2.2 which fixes serialization vulnerability

Change Log

References


[ 1 ] Bug #1316430 - Version 3.2.1 has a CVSS 10.0 vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1316430

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update apache-commons-collections' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: apache-commons-collections
Product: Fedora 23
Version: 3.2.2
Release: 3.fc23
Summary: Provides new interfaces, implementations and utilities for Java Collections

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.