Amazon Linux 2023 Security Advisory: ALAS2023-2025-1034
Advisory Released Date: 2025-06-23
Advisory Updated Date: 2025-06-23
Severity:
Important
Issue Overview:
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system. (CVE-2025-4478)
Affected Packages:
freerdp
Issue Correction:
Run dnf update freerdp --releasever 2023.7.20250623 to update your system.
New Packages:
aarch64:
freerdp-server-debuginfo-3.6.3-1.amzn2023.0.1.aarch64
freerdp-libs-debuginfo-3.6.3-1.amzn2023.0.1.aarch64
libwinpr-3.6.3-1.amzn2023.0.1.aarch64
libwinpr-devel-3.6.3-1.amzn2023.0.1.aarch64
freerdp-libs-3.6.3-1.amzn2023.0.1.aarch64
freerdp-debuginfo-3.6.3-1.amzn2023.0.1.aarch64
freerdp-server-3.6.3-1.amzn2023.0.1.aarch64
libwinpr-debuginfo-3.6.3-1.amzn2023.0.1.aarch64
freerdp-3.6.3-1.amzn2023.0.1.aarch64
freerdp-devel-3.6.3-1.amzn2023.0.1.aarch64
freerdp-debugsource-3.6.3-1.amzn2023.0.1.aarch64
src:
freerdp-3.6.3-1.amzn2023.0.1.src
x86_64:
freerdp-server-3.6.3-1.amzn2023.0.1.x86_64
libwinpr-debuginfo-3.6.3-1.amzn2023.0.1.x86_64
libwinpr-devel-3.6.3-1.amzn2023.0.1.x86_64
freerdp-3.6.3-1.amzn2023.0.1.x86_64
freerdp-libs-debuginfo-3.6.3-1.amzn2023.0.1.x86_64
freerdp-server-debuginfo-3.6.3-1.amzn2023.0.1.x86_64
freerdp-debuginfo-3.6.3-1.amzn2023.0.1.x86_64
libwinpr-3.6.3-1.amzn2023.0.1.x86_64
freerdp-libs-3.6.3-1.amzn2023.0.1.x86_64
freerdp-devel-3.6.3-1.amzn2023.0.1.x86_64
freerdp-debugsource-3.6.3-1.amzn2023.0.1.x86_64