vulnerability
Amazon Linux 2023: CVE-2025-4478: Important priority package update for freerdp
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:N/C:N/I:P/A:C) | May 13, 2025 | Jun 24, 2025 | Jul 9, 2025 |
Severity
8
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:C)
Published
May 13, 2025
Added
Jun 24, 2025
Modified
Jul 9, 2025
Description
A flaw was found in the gnome-remote-desktop used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.
Solutions
amazon-linux-2023-upgrade-freerdpamazon-linux-2023-upgrade-freerdp-debuginfoamazon-linux-2023-upgrade-freerdp-debugsourceamazon-linux-2023-upgrade-freerdp-develamazon-linux-2023-upgrade-freerdp-libsamazon-linux-2023-upgrade-freerdp-libs-debuginfoamazon-linux-2023-upgrade-freerdp-serveramazon-linux-2023-upgrade-freerdp-server-debuginfoamazon-linux-2023-upgrade-libwinpramazon-linux-2023-upgrade-libwinpr-debuginfoamazon-linux-2023-upgrade-libwinpr-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.