Security News

Cybersecurity news aggregator


RHSA-2026:11323: Important: freerdp security update

A critical security update for FreeRDP addresses multiple vulnerabilities, including heap-use-after-free and heap-buffer-overflow flaws, which can be exploited via crafted RDP server messages to potentially cause denial of service or remote code execution. The CVSS scores for these vulnerabilities range up to 9.8 (Critical). Affected versions are FreeRDP versions prior to 3.20.1, and the fix is to upgrade to version 3.20.1.

Red Hat Product Errata
RHSA-2026:11323 - Security Advisory
Issued: 2026-04-28
Updated: 2026-04-28

Synopsis
Important: freerdp security update

Type/Severity
Security Advisory: Important

Topic
An update for freerdp is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):
- freerdp: FreeRDP heap-use-after-free (CVE-2026-22856)
- freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22854)
- freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22852)
- freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow (CVE-2026-23732)
- freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation (CVE-2026-24676)
- freerdp: FreeRDP has a heap-use-after-free in video_timer (CVE-2026-24491)
- freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() (CVE-2026-23948)
- freerdp: FreeRDP has a Heap-use-after-free in play_thread (CVE-2026-24684)
- freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface (CVE-2026-24679)
- freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface (CVE-2026-24675)
- freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages (CVE-2026-31806)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
- Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes
- BZ - 2429650 - CVE-2026-22856 freerdp: FreeRDP heap-use-after-free
- BZ - 2429652 - CVE-2026-22854 freerdp: FreeRDP heap-buffer-overflow
- BZ - 2429654 - CVE-2026-22852 freerdp: FreeRDP heap-buffer-overflow
- BZ - 2430881 - CVE-2026-23732 freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow
- BZ - 2438201 - CVE-2026-24676 freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation
- BZ - 2438202 - CVE-2026-24491 freerdp: FreeRDP has a heap-use-after-free in video_timer
- BZ - 2438207 - CVE-2026-23948 freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
- BZ - 2438208 - CVE-2026-24684 freerdp: FreeRDP has a Heap-use-after-free in play_thread
- BZ - 2438217 - CVE-2026-24679 freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface
- BZ - 2438221 - CVE-2026-24675 freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface
- BZ - 2447376 - CVE-2026-31806 freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

CVEs
CVE-2026-22852, CVE-2026-22854, CVE-2026-22856, CVE-2026-23732, CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24679, CVE-2026-24684, CVE-2026-31806

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.
Updated Packages

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7
SRPM: freerdp-2.1.1-5.el7_9.7.src.rpm
x86_64:
- freerdp-2.1.1-5.el7_9.7.x86_64.rpm
- freerdp-debuginfo-2.1.1-5.el7_9.7.i686.rpm
- freerdp-debuginfo-2.1.1-5.el7_9.7.x86_64.rpm
- freerdp-devel-2.1.1-5.el7_9.7.i686.rpm
- freerdp-devel-2.1.1-5.el7_9.7.x86_64.rpm
- freerdp-libs-2.1.1-5.el7_9.7.i686.rpm
- freerdp-libs-2.1.1-5.el7_9.7.x86_64.rpm
- libwinpr-2.1.1-5.el7_9.7.i686.rpm
- libwinpr-2.1.1-5.el7_9.7.x86_64.rpm
- libwinpr-devel-2.1.1-5.el7_9.7.i686.rpm
- libwinpr-devel-2.1.1-5.el7_9.7.x86_64.rpm

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7
SRPM: freerdp-2.1.1-5.el7_9.7.src.rpm
s390x:
- freerdp-2.1.1-5.el7_9.7.s390x.rpm
- freerdp-debuginfo-2.1.1-5.el7_9.7.s390.rpm
- freerdp-debuginfo-2.1.1-5.el7_9.7.s390x.rpm
- freerdp-devel-2.1.1-5.el7_9.7.s390.rpm
- freerdp-devel-2.1.1-5.el7_9.7.s390x.rpm
- freerdp-libs-2.1.1-5.el7_9.7.s390.rpm
- freerdp-libs-2.1.1-5.el7_9.7.s390x.rpm
- libwinpr-2.1.1-5.el7_9.7.s390.rpm
- libwinpr-2.1.1-5.el7_9.7.s390x.rpm
- libwinpr-devel-2.1.1-5.el7_9.7.s390.rpm
- libwinpr-devel-2.1.1-5.el7_9.7.s390x.rpm

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7
SRPM: freerdp-2.1.1-5.el7_9.7.src.rpm
ppc64:
- freerdp-2.1.1-5.el7_9.7.ppc64.rpm
- freerdp-debuginfo-2.1.1-5.el7_9.7.ppc.rpm
- freerdp-debuginfo-2.1.1-5.el7_9.7.ppc64.rpm
- freerdp-devel-2.1.1-5.el7_9.7.ppc.rpm
- freerdp-devel-2.1.1-5.el7_9.7.ppc64.rpm
- freerdp-libs-2.1.1-5.el7_9.7.ppc.rpm
- freerdp-libs-2.1.1-5.el7_9.7.ppc64.rpm
- libwinpr-2.1.1-5.el7_9.7.ppc.rpm
- libwinpr-2.1.1-5.el7_9.7.ppc64.rpm
- libwinpr-devel-2.1.1-5.el7_9.7.ppc.rpm
- libwinpr-devel-2.1.1-5.el7_9.7.ppc64.rpm

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7
SRPM: freerdp-2.1.1-5.el7_9.7.src.rpm
ppc64le:
- freerdp-2.1.1-5.el7_9.7.ppc64le.rpm
- freerdp-debuginfo-2.1.1-5.el7_9.7.ppc64le.rpm
- freerdp-devel-2.1.1-5.el7_9.7.ppc64le.rpm
- freerdp-libs-2.1.1-5.el7_9.7.ppc64le.rpm
- libwinpr-2.1.1-5.el7_9.7.ppc64le.rpm
- libwinpr-devel-2.1.1-5.el7_9.7.ppc64le.rpm
