Security News

Cybersecurity news aggregator


RHSA-2026:10734: Important: freerdp security update

  • What: Security update for freerdp
  • Impact: Red Hat Enterprise Linux 8.2 users should apply the update

Red Hat Product Errata
RHSA-2026:10734 - Security Advisory
Issued: 2026-04-27
Updated: 2026-04-27

Synopsis
Important: freerdp security update

Type/Severity
Security Advisory: Important

Topic
An update for freerdp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):
  • freerdp: FreeRDP heap-use-after-free (CVE-2026-22856)
  • freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22854)
  • freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22852)
  • freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow (CVE-2026-23732)
  • freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation (CVE-2026-24676)
  • freerdp: FreeRDP has a heap-use-after-free in video_timer (CVE-2026-24491)
  • freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() (CVE-2026-23948)
  • freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface (CVE-2026-24679)
  • freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages (CVE-2026-31806)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes
  • BZ - 2429650 - CVE-2026-22856 freerdp: FreeRDP heap-use-after-free
  • BZ - 2429652 - CVE-2026-22854 freerdp: FreeRDP heap-buffer-overflow
  • BZ - 2429654 - CVE-2026-22852 freerdp: FreeRDP heap-buffer-overflow
  • BZ - 2430881 - CVE-2026-23732 freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow
  • BZ - 2438201 - CVE-2026-24676 freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation
  • BZ - 2438202 - CVE-2026-24491 freerdp: FreeRDP has a heap-use-after-free in video_timer
  • BZ - 2438207 - CVE-2026-23948 freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
  • BZ - 2438217 - CVE-2026-24679 freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface
  • BZ - 2447376 - CVE-2026-31806 freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

CVEs
  • CVE-2026-22852
  • CVE-2026-22854
  • CVE-2026-22856
  • CVE-2026-23732
  • CVE-2026-23948
  • CVE-2026-24491
  • CVE-2026-24676
  • CVE-2026-24679
  • CVE-2026-31806

References
  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
  • freerdp-2.0.0-46.rc4.el8_2.10.src.rpm

x86_64
  • freerdp-2.0.0-46.rc4.el8_2.10.x86_64.rpm
  • freerdp-debuginfo-2.0.0-46.rc4.el8_2.10.i686.rpm
  • freerdp-debuginfo-2.0.0-46.rc4.el8_2.10.x86_64.rpm
  • freerdp-debugsource-2.0.0-46.rc4.el8_2.10.i686.rpm
  • freerdp-debugsource-2.0.0-46.rc4.el8_2.10.x86_64.rpm
  • freerdp-libs-2.0.0-46.rc4.el8_2.10.i686.rpm
  • freerdp-libs-2.0.0-46.rc4.el8_2.10.x86_64.rpm
  • freerdp-libs-debuginfo-2.0.0-46.rc4.el8_2.10.i686.rpm
  • freerdp-libs-debuginfo-2.0.0-46.rc4.el8_2.10.x86_64.rpm
  • libwinpr-2.0.0-46.rc4.el8_2.10.i686.rpm
  • libwinpr-2.0.0-46.rc4.el8_2.10.x86_64.rpm
  • libwinpr-debuginfo-2.0.0-46.rc4.el8_2.10.i686.rpm
  • libwinpr-debuginfo-2.0.0-46.rc4.el8_2.10.x86_64.rpm
  • libwinpr-devel-2.0.0-46.rc4.el8_2.10.i686.rpm
  • libwinpr-devel-2.0.0-46.rc4.el8_2.10.x86_64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.