- What: Security update for freerdp
- Impact: Systems running Red Hat Enterprise Linux 9.0
Red Hat Product Errata
RHSA-2026:9640 - Security Advisory
Issued: 2026-04-22
Updated: 2026-04-22

Synopsis
Important: freerdp security update

Type/Severity
Security Advisory: Important

Topic
An update for freerdp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):
- freerdp: FreeRDP heap-use-after-free (CVE-2026-22856)
- freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22854)
- freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22852)
- freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow (CVE-2026-23732)
- freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation (CVE-2026-24676)
- freerdp: FreeRDP has a heap-use-after-free in video_timer (CVE-2026-24491)
- freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() (CVE-2026-23948)
- freerdp: FreeRDP has a Heap-use-after-free in play_thread (CVE-2026-24684)
- freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb (CVE-2026-24681)
- freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface (CVE-2026-24679)
- freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface (CVE-2026-24675)
- freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages (CVE-2026-31806)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes
- BZ - 2429650 - CVE-2026-22856 freerdp: FreeRDP heap-use-after-free
- BZ - 2429652 - CVE-2026-22854 freerdp: FreeRDP heap-buffer-overflow
- BZ - 2429654 - CVE-2026-22852 freerdp: FreeRDP heap-buffer-overflow
- BZ - 2430881 - CVE-2026-23732 freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow
- BZ - 2438201 - CVE-2026-24676 freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation
- BZ - 2438202 - CVE-2026-24491 freerdp: FreeRDP has a heap-use-after-free in video_timer
- BZ - 2438207 - CVE-2026-23948 freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
- BZ - 2438208 - CVE-2026-24684 freerdp: FreeRDP has a Heap-use-after-free in play_thread
- BZ - 2438210 - CVE-2026-24681 freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb
- BZ - 2438217 - CVE-2026-24679 freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface
- BZ - 2438221 - CVE-2026-24675 freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface
- BZ - 2447376 - CVE-2026-31806 freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

CVEs
- CVE-2026-22852
- CVE-2026-22854
- CVE-2026-22856
- CVE-2026-23732
- CVE-2026-23948
- CVE-2026-24491
- CVE-2026-24675
- CVE-2026-24676
- CVE-2026-24679
- CVE-2026-24681
- CVE-2026-24684
- CVE-2026-31806

References
- https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM:
- freerdp-2.4.1-3.el9_0.4.src.rpm
ppc64le:
- freerdp-2.4.1-3.el9_0.4.ppc64le.rpm
- freerdp-debuginfo-2.4.1-3.el9_0.4.ppc64le.rpm
- freerdp-debugsource-2.4.1-3.el9_0.4.ppc64le.rpm
- freerdp-libs-2.4.1-3.el9_0.4.ppc64le.rpm
- freerdp-libs-debuginfo-2.4.1-3.el9_0.4.ppc64le.rpm
- libwinpr-2.4.1-3.el9_0.4.ppc64le.rpm
- libwinpr-debuginfo-2.4.1-3.el9_0.4.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM:
- freerdp-2.4.1-3.el9_0.4.src.rpm
x86_64:
- freerdp-2.4.1-3.el9_0.4.x86_64.rpm
- freerdp-debuginfo-2.4.1-3.el9_0.4.i686.rpm
- freerdp-debuginfo-2.4.1-3.el9_0.4.x86_64.rpm
- freerdp-debugsource-2.4.1-3.el9_0.4.i686.rpm
- freerdp-debugsource-2.4.1-3.el9_0.4.x86_64.rpm
- freerdp-libs-2.4.1-3.el9_0.4.i686.rpm
- freerdp-libs-2.4.1-3.el9_0.4.x86_64.rpm
- freerdp-libs-debuginfo-2.4.1-3.el9_0.4.i686.rpm
- freerdp-libs-debuginfo-2.4.1-3.el9_0.4.x86_64.rpm
- libwinpr-2.4.1-3.el9_0.4.i686.rpm
- libwinpr-2.4.1-3.el9_0.4.x86_64.rpm
- libwinpr-debuginfo-2.4.1-3.el9_0.4.i686.rpm
- libwinpr-debuginfo-2.4.1-3.el9_0.4.x86_64.rpm

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0
SRPM:
- freerdp-2.4.1-3.el9_0.4.src.rpm
aarch64:
- freerdp-2.4.1-3.el9_0.4.aarch64.rpm
- freerdp-debuginfo-2.4.1-3.el9_0.4.aarch64.rpm
- freerdp-debugsource-2.4.1-3.el9_0.4.aarch64.rpm
- freerdp-libs-2.4.1-3.el9_0.4.aarch64.rpm
- freerdp-libs-debuginfo-2.4.1-3.el9_0.4.aarch64.rpm
- libwinpr-2.4.1-3.el9_0.4.aarch64.rpm
- libwinpr-debuginfo-2.4.1-3.el9_0.4.aarch64.rpm

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0
SRPM:
- freerdp-2.4.1-3.el9_0.4.src.rpm
s390x:
- freerdp-2.4.1-3.el9_0.4.s390x.rpm
- freerdp-debuginfo-2.4.1-3.el9_0.4.s390x.rpm
- freerdp-debugsource-2.4.1-3.el9_0.4.s390x.rpm
- freerdp-libs-2.4.1-3.el9_0.4.s390x.rpm
- freerdp-libs-debuginfo-2.4.1-3.el9_0.4.s390x.rpm
- libwinpr-2.4.1-3.el9_0.4.s390x.rpm
- libwinpr-debuginfo-2.4.1-3.el9_0.4.s390x.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.