[Apollo] Advisories Statistics light light Login

RLSA-2026:36203

Security Mirrored from RHSA-2026:36203
Issued at: 2026-07-08
Updated at: 2026-07-08

Synopsis

Important: freerdp security update



Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: FreeRDP: Remote code execution via heap-buffer-overflow in gdi_CacheToSurface (CVE-2026-40033)

* freerdp: FreeRDP: Arbitrary code execution or denial of service via heap use-after-free in RDPEAR NDR parser (CVE-2026-44422)

* freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution (CVE-2026-45700)

* freerdp: FreeRDP: Arbitrary code execution via crafted RDPGFX PDUs (CVE-2026-44421)

* freerdp: FreeRDP: Arbitrary code execution and denial of service via heap-buffer-overflow (CVE-2026-44420)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 riscv64 Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2483470 2483480 2481473 2483471 2483467

CVEs

CVE-2026-40033 CVE-2026-44420 CVE-2026-44421 CVE-2026-44422 CVE-2026-45700

Affected packages

Rocky Linux 10 ppc64le - AppStream

freerdp-debugsource-2:3.10.3-12.el10_2.6.ppc64le.rpm freerdp-2:3.10.3-12.el10_2.6.src.rpm freerdp-libs-debuginfo-2:3.10.3-12.el10_2.6.ppc64le.rpm freerdp-libs-2:3.10.3-12.el10_2.6.ppc64le.rpm libwinpr-2:3.10.3-12.el10_2.6.ppc64le.rpm freerdp-debuginfo-2:3.10.3-12.el10_2.6.ppc64le.rpm freerdp-2:3.10.3-12.el10_2.6.ppc64le.rpm libwinpr-debuginfo-2:3.10.3-12.el10_2.6.ppc64le.rpm

Rocky Linux 10 s390x - AppStream

freerdp-libs-2:3.10.3-12.el10_2.6.s390x.rpm freerdp-2:3.10.3-12.el10_2.6.src.rpm freerdp-2:3.10.3-12.el10_2.6.s390x.rpm freerdp-libs-debuginfo-2:3.10.3-12.el10_2.6.s390x.rpm freerdp-debugsource-2:3.10.3-12.el10_2.6.s390x.rpm freerdp-debuginfo-2:3.10.3-12.el10_2.6.s390x.rpm libwinpr-2:3.10.3-12.el10_2.6.s390x.rpm libwinpr-debuginfo-2:3.10.3-12.el10_2.6.s390x.rpm

Rocky Linux 10 aarch64 - AppStream

freerdp-2:3.10.3-12.el10_2.6.src.rpm freerdp-debuginfo-2:3.10.3-12.el10_2.6.aarch64.rpm libwinpr-2:3.10.3-12.el10_2.6.aarch64.rpm libwinpr-debuginfo-2:3.10.3-12.el10_2.6.aarch64.rpm freerdp-debugsource-2:3.10.3-12.el10_2.6.aarch64.rpm freerdp-libs-debuginfo-2:3.10.3-12.el10_2.6.aarch64.rpm freerdp-2:3.10.3-12.el10_2.6.aarch64.rpm freerdp-libs-2:3.10.3-12.el10_2.6.aarch64.rpm

Rocky Linux 10 riscv64 - AppStream

freerdp-2:3.10.3-12.el10_2.6.src.rpm

Rocky Linux 10 x86_64 - AppStream

freerdp-2:3.10.3-12.el10_2.6.src.rpm libwinpr-2:3.10.3-12.el10_2.6.x86_64.rpm freerdp-debugsource-2:3.10.3-12.el10_2.6.x86_64.rpm freerdp-libs-debuginfo-2:3.10.3-12.el10_2.6.x86_64.rpm freerdp-debuginfo-2:3.10.3-12.el10_2.6.x86_64.rpm libwinpr-debuginfo-2:3.10.3-12.el10_2.6.x86_64.rpm freerdp-libs-2:3.10.3-12.el10_2.6.x86_64.rpm freerdp-2:3.10.3-12.el10_2.6.x86_64.rpm

Rocky Linux 10 s390x - CRB

freerdp-server-debuginfo-2:3.10.3-12.el10_2.6.s390x.rpm freerdp-devel-2:3.10.3-12.el10_2.6.s390x.rpm libwinpr-devel-2:3.10.3-12.el10_2.6.s390x.rpm freerdp-server-2:3.10.3-12.el10_2.6.s390x.rpm

Rocky Linux 10 aarch64 - CRB

freerdp-devel-2:3.10.3-12.el10_2.6.aarch64.rpm freerdp-server-debuginfo-2:3.10.3-12.el10_2.6.aarch64.rpm freerdp-server-2:3.10.3-12.el10_2.6.aarch64.rpm libwinpr-devel-2:3.10.3-12.el10_2.6.aarch64.rpm

Rocky Linux 10 ppc64le - CRB

freerdp-server-debuginfo-2:3.10.3-12.el10_2.6.ppc64le.rpm freerdp-server-2:3.10.3-12.el10_2.6.ppc64le.rpm libwinpr-devel-2:3.10.3-12.el10_2.6.ppc64le.rpm freerdp-devel-2:3.10.3-12.el10_2.6.ppc64le.rpm

Rocky Linux 10 x86_64 - CRB

freerdp-server-debuginfo-2:3.10.3-12.el10_2.6.x86_64.rpm libwinpr-devel-2:3.10.3-12.el10_2.6.x86_64.rpm freerdp-server-2:3.10.3-12.el10_2.6.x86_64.rpm freerdp-devel-2:3.10.3-12.el10_2.6.x86_64.rpm