ALAS2023-2026-1454

Amazon Linux 2023 Security Advisory: ALAS2023-2026-1454
Advisory Released Date: 2026-03-05
Advisory Updated Date: 2026-03-05
Severity: Important
Issue Overview:

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0. (CVE-2026-23948)

Client side issue with FreeRDP (CVE-2026-24491)

Client side issue with FreeRDP (CVE-2026-24675)

Client side issue with FreeRDP (CVE-2026-24676)

Client side issue with FreeRDP (CVE-2026-24677)

Client side issue with FreeRDP (CVE-2026-24678)

Client side issue with FreeRDP (CVE-2026-24679)

Client side issue with FreeRDP (CVE-2026-24680)

Client side issue with FreeRDP (CVE-2026-24681)

Client side issue with FreeRDP (CVE-2026-24682)

Client side issue with FreeRDP (CVE-2026-24683)

Client side issue with FreeRDP (CVE-2026-24684)


Affected Packages:

freerdp


Issue Correction:
Run dnf update freerdp --releasever 2023.10.20260302 or dnf update --advisory ALAS2023-2026-1454 --releasever 2023.10.20260302 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    libwinpr-debuginfo-3.6.3-1.amzn2023.0.4.aarch64
    freerdp-libs-debuginfo-3.6.3-1.amzn2023.0.4.aarch64
    freerdp-server-debuginfo-3.6.3-1.amzn2023.0.4.aarch64
    freerdp-server-3.6.3-1.amzn2023.0.4.aarch64
    freerdp-debuginfo-3.6.3-1.amzn2023.0.4.aarch64
    freerdp-3.6.3-1.amzn2023.0.4.aarch64
    libwinpr-devel-3.6.3-1.amzn2023.0.4.aarch64
    libwinpr-3.6.3-1.amzn2023.0.4.aarch64
    freerdp-devel-3.6.3-1.amzn2023.0.4.aarch64
    freerdp-libs-3.6.3-1.amzn2023.0.4.aarch64
    freerdp-debugsource-3.6.3-1.amzn2023.0.4.aarch64

src:
    freerdp-3.6.3-1.amzn2023.0.4.src

x86_64:
    freerdp-libs-debuginfo-3.6.3-1.amzn2023.0.4.x86_64
    freerdp-debuginfo-3.6.3-1.amzn2023.0.4.x86_64
    libwinpr-3.6.3-1.amzn2023.0.4.x86_64
    freerdp-server-3.6.3-1.amzn2023.0.4.x86_64
    libwinpr-debuginfo-3.6.3-1.amzn2023.0.4.x86_64
    freerdp-server-debuginfo-3.6.3-1.amzn2023.0.4.x86_64
    freerdp-devel-3.6.3-1.amzn2023.0.4.x86_64
    libwinpr-devel-3.6.3-1.amzn2023.0.4.x86_64
    freerdp-3.6.3-1.amzn2023.0.4.x86_64
    freerdp-libs-3.6.3-1.amzn2023.0.4.x86_64
    freerdp-debugsource-3.6.3-1.amzn2023.0.4.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680, CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684

Mitre: CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680, CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684