ALAS2-2026-3181

Details

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2026-24684: Client side issue with FreeRDP

CVE-2026-24683: Client side issue with FreeRDP

CVE-2026-24681: Client side issue with FreeRDP

CVE-2026-24679: Client side issue with FreeRDP

CVE-2026-24677: Client side issue with FreeRDP

CVE-2026-24676: Client side issue with FreeRDP

CVE-2026-24675: Client side issue with FreeRDP

CVE-2026-24491: Client side issue with FreeRDP

CVE-2026-23948: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.

Affected Packages

freerdp

AmazonLinux 2

Fixed in:

2.11.7-1.amzn2.0.5

freerdp-debuginfo

AmazonLinux 2

Fixed in:

2.11.7-1.amzn2.0.5

freerdp-devel

AmazonLinux 2

Fixed in:

2.11.7-1.amzn2.0.5

freerdp-libs

AmazonLinux 2

Fixed in:

2.11.7-1.amzn2.0.5

libwinpr

AmazonLinux 2

Fixed in:

2.11.7-1.amzn2.0.5

libwinpr-devel

AmazonLinux 2

Fixed in:

2.11.7-1.amzn2.0.5

References

ADVISORY

https://alas.aws.amazon.com/AL2/ALAS2-2026-3181.html