Red Hat Product Errata
RHSA-2026:10951 - Security Advisory

Issued: 2026-04-27
Updated: 2026-04-27

Synopsis
Important: freerdp security update

Type/Severity
Security Advisory: Important

Topic
An update for freerdp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):
freerdp: FreeRDP heap-use-after-free (CVE-2026-22856)
freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22854)
freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22852)
freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow (CVE-2026-23732)
freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation (CVE-2026-24676)
freerdp: FreeRDP has a heap-use-after-free in video_timer (CVE-2026-24491)
freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() (CVE-2026-23948)
freerdp: FreeRDP has a Heap-use-after-free in play_thread (CVE-2026-24684)
freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface (CVE-2026-24679)
freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface (CVE-2026-24675)
freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages (CVE-2026-31806)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes
BZ - 2429650 - CVE-2026-22856 freerdp: FreeRDP heap-use-after-free
BZ - 2429652 - CVE-2026-22854 freerdp: FreeRDP heap-buffer-overflow
BZ - 2429654 - CVE-2026-22852 freerdp: FreeRDP heap-buffer-overflow
BZ - 2430881 - CVE-2026-23732 freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow
BZ - 2438201 - CVE-2026-24676 freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation
BZ - 2438202 - CVE-2026-24491 freerdp: FreeRDP has a heap-use-after-free in video_timer
BZ - 2438207 - CVE-2026-23948 freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
BZ - 2438208 - CVE-2026-24684 freerdp: FreeRDP has a Heap-use-after-free in play_thread
BZ - 2438217 - CVE-2026-24679 freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface
BZ - 2438221 - CVE-2026-24675 freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface
BZ - 2447376 - CVE-2026-31806 freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

CVEs
CVE-2026-22852
CVE-2026-22854
CVE-2026-22856
CVE-2026-23732
CVE-2026-23948
CVE-2026-24491
CVE-2026-24675
CVE-2026-24676
CVE-2026-24679
CVE-2026-24684
CVE-2026-31806

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6

SRPM
freerdp-2.2.0-7.el8_6.5.src.rpm

x86_64
freerdp-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-debuginfo-2.2.0-7.el8_6.5.i686.rpm
freerdp-debuginfo-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-debugsource-2.2.0-7.el8_6.5.i686.rpm
freerdp-debugsource-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-libs-2.2.0-7.el8_6.5.i686.rpm
freerdp-libs-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-libs-debuginfo-2.2.0-7.el8_6.5.i686.rpm
freerdp-libs-debuginfo-2.2.0-7.el8_6.5.x86_64.rpm
libwinpr-2.2.0-7.el8_6.5.i686.rpm
libwinpr-2.2.0-7.el8_6.5.x86_64.rpm
libwinpr-debuginfo-2.2.0-7.el8_6.5.i686.rpm
libwinpr-debuginfo-2.2.0-7.el8_6.5.x86_64.rpm
libwinpr-devel-2.2.0-7.el8_6.5.i686.rpm
libwinpr-devel-2.2.0-7.el8_6.5.x86_64.rpm

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
freerdp-2.2.0-7.el8_6.5.src.rpm

x86_64
freerdp-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-debuginfo-2.2.0-7.el8_6.5.i686.rpm
freerdp-debuginfo-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-debugsource-2.2.0-7.el8_6.5.i686.rpm
freerdp-debugsource-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-libs-2.2.0-7.el8_6.5.i686.rpm
freerdp-libs-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-libs-debuginfo-2.2.0-7.el8_6.5.i686.rpm
freerdp-libs-debuginfo-2.2.0-7.el8_6.5.x86_64.rpm
libwinpr-2.2.0-7.el8_6.5.i686.rpm
libwinpr-2.2.0-7.el8_6.5.x86_64.rpm
libwinpr-debuginfo-2.2.0-7.el8_6.5.i686.rpm
libwinpr-debuginfo-2.2.0-7.el8_6.5.x86_64.rpm
libwinpr-devel-2.2.0-7.el8_6.5.i686.rpm
libwinpr-devel-2.2.0-7.el8_6.5.x86_64.rpm

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
freerdp-2.2.0-7.el8_6.5.src.rpm

x86_64
freerdp-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-debuginfo-2.2.0-7.el8_6.5.i686.rpm
freerdp-debuginfo-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-debugsource-2.2.0-7.el8_6.5.i686.rpm
freerdp-debugsource-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-libs-2.2.0-7.el8_6.5.i686.rpm
freerdp-libs-2.2.0-7.el8_6.5.x86_64.rpm
freerdp-libs-debuginfo-2.2.0-7.el8_6.5.i686.rpm
freerdp-libs-debuginfo-2.2.0-7.el8_6.5.x86_64.rpm
libwinpr-2.2.0-7.el8_6.5.i686.rpm
libwinpr-2.2.0-7.el8_6.5.x86_64.rpm
libwinpr-debuginfo-2.2.0-7.el8_6.5.i686.rpm
libwinpr-debuginfo-2.2.0-7.el8_6.5.x86_64.rpm
libwinpr-devel-2.2.0-7.el8_6.5.i686.rpm
libwinpr-devel-2.2.0-7.el8_6.5.x86_64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
freerdp-2.2.0-7.el8_6.5.src.rpm

ppc64le
freerdp-2.2.0-7.el8_6.5.ppc64le.rpm

This Red Hat security advisory, rated Important, addresses multiple critical vulnerabilities in FreeRDP, including heap buffer overflows and use-after-free flaws, which can be exploited via crafted RDP server messages to cause denial of service or allow arbitrary code execution. The CVSS scores for the listed CVEs range up to 9.8 (CRITICAL). According to NVD data, FreeRDP versions prior to 3.20.1 are affected, and the fix is to upgrade to version 3.20.1. On the Red Hat Enterprise Linux 8.6 streams covered by this advisory, the update is delivered as the freerdp-2.2.0-7.el8_6.5 packages listed above.