Amazon Linux 2 Security Advisory: ALAS2-2026-3181
Advisory Released Date: 2026-03-06
Advisory Updated Date: 2026-03-06
FAQs regarding Amazon Linux ALAS/CVE Severity
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0. (CVE-2026-23948)
Client side issue with FreeRDP (CVE-2026-24491)
Client side issue with FreeRDP (CVE-2026-24675)
Client side issue with FreeRDP (CVE-2026-24676)
Client side issue with FreeRDP (CVE-2026-24677)
Client side issue with FreeRDP (CVE-2026-24679)
Client side issue with FreeRDP (CVE-2026-24681)
Client side issue with FreeRDP (CVE-2026-24683)
Client side issue with FreeRDP (CVE-2026-24684)
Affected Packages:
freerdp
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update freerdp or yum update --advisory ALAS2-2026-3181 to update your system.
aarch64:
freerdp-2.11.7-1.amzn2.0.5.aarch64
freerdp-libs-2.11.7-1.amzn2.0.5.aarch64
freerdp-devel-2.11.7-1.amzn2.0.5.aarch64
libwinpr-2.11.7-1.amzn2.0.5.aarch64
libwinpr-devel-2.11.7-1.amzn2.0.5.aarch64
freerdp-debuginfo-2.11.7-1.amzn2.0.5.aarch64
i686:
freerdp-2.11.7-1.amzn2.0.5.i686
freerdp-libs-2.11.7-1.amzn2.0.5.i686
freerdp-devel-2.11.7-1.amzn2.0.5.i686
libwinpr-2.11.7-1.amzn2.0.5.i686
libwinpr-devel-2.11.7-1.amzn2.0.5.i686
freerdp-debuginfo-2.11.7-1.amzn2.0.5.i686
src:
freerdp-2.11.7-1.amzn2.0.5.src
x86_64:
freerdp-2.11.7-1.amzn2.0.5.x86_64
freerdp-libs-2.11.7-1.amzn2.0.5.x86_64
freerdp-devel-2.11.7-1.amzn2.0.5.x86_64
libwinpr-2.11.7-1.amzn2.0.5.x86_64
libwinpr-devel-2.11.7-1.amzn2.0.5.x86_64
freerdp-debuginfo-2.11.7-1.amzn2.0.5.x86_64