RLSA-2026:16019

Security

Mirrored from RHSA-2026:16019

Issued at: 2026-05-13

Updated at: 2026-05-13

Synopsis

Moderate: freerdp security update

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)

* freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)

* freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)

* freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)

* freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)

* freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)

* freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)

* FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64

Rocky Linux 8 x86_64

Fixes

2442768

2442782

2442783

2447379

2447383

2447385

2447386

2453217

CVEs

CVE-2026-25952

CVE-2026-26986

CVE-2026-27951

CVE-2026-29775

CVE-2026-31883

CVE-2026-31884

CVE-2026-31885

CVE-2026-33985

Affected packages

Rocky Linux 8 aarch64 - AppStream

freerdp-2:2.11.7-9.el8_10.aarch64.rpm

freerdp-2:2.11.7-9.el8_10.src.rpm

freerdp-debuginfo-2:2.11.7-9.el8_10.aarch64.rpm

freerdp-debugsource-2:2.11.7-9.el8_10.aarch64.rpm

freerdp-libs-2:2.11.7-9.el8_10.aarch64.rpm

freerdp-libs-debuginfo-2:2.11.7-9.el8_10.aarch64.rpm

libwinpr-2:2.11.7-9.el8_10.aarch64.rpm

libwinpr-debuginfo-2:2.11.7-9.el8_10.aarch64.rpm

libwinpr-devel-2:2.11.7-9.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

freerdp-2:2.11.7-9.el8_10.src.rpm

freerdp-2:2.11.7-9.el8_10.x86_64.rpm

freerdp-debuginfo-2:2.11.7-9.el8_10.i686.rpm

freerdp-debuginfo-2:2.11.7-9.el8_10.x86_64.rpm

freerdp-debugsource-2:2.11.7-9.el8_10.i686.rpm

freerdp-debugsource-2:2.11.7-9.el8_10.x86_64.rpm

freerdp-libs-2:2.11.7-9.el8_10.i686.rpm

freerdp-libs-2:2.11.7-9.el8_10.x86_64.rpm

freerdp-libs-debuginfo-2:2.11.7-9.el8_10.i686.rpm

freerdp-libs-debuginfo-2:2.11.7-9.el8_10.x86_64.rpm

libwinpr-2:2.11.7-9.el8_10.i686.rpm

libwinpr-2:2.11.7-9.el8_10.x86_64.rpm

libwinpr-debuginfo-2:2.11.7-9.el8_10.i686.rpm

libwinpr-debuginfo-2:2.11.7-9.el8_10.x86_64.rpm

libwinpr-devel-2:2.11.7-9.el8_10.i686.rpm

libwinpr-devel-2:2.11.7-9.el8_10.x86_64.rpm

Rocky Linux 8 aarch64 - PowerTools

freerdp-devel-2:2.11.7-9.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - PowerTools

freerdp-devel-2:2.11.7-9.el8_10.i686.rpm

freerdp-devel-2:2.11.7-9.el8_10.x86_64.rpm