Red Hat Product Errata RHSA-2026:16485 - Security Advisory Issued: 2026-05-12 Updated: 2026-05-12 RHSA-2026:16485 - Security Advisory Overview Updated Packages Synopsis Moderate: freerdp security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for freerdp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952) freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986) freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951) freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775) freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885) freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884) freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883) FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2442768 - CVE-2026-25952 freerdp: FreeRDP: Denial of service due to use-after-free vulnerability BZ - 2442782 - CVE-2026-26986 freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect BZ - 2442783 - CVE-2026-27951 freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity BZ - 2447379 - CVE-2026-29775 freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId BZ - 2447383 - CVE-2026-31885 freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks BZ - 2447385 - CVE-2026-31884 freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 BZ - 2447386 - CVE-2026-31883 freerdp: FreeRDP: Denial of Service via crafted audio data in RDP BZ - 2453217 - CVE-2026-33985 FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read CVEs CVE-2026-25952 CVE-2026-26986 CVE-2026-27951 CVE-2026-29775 CVE-2026-31883 CVE-2026-31884 CVE-2026-31885 CVE-2026-33985 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM freerdp-2.4.1-3.el9_0.7.src.rpm SHA-256: ca44cfe91727a8b667319c65423c5f8cd2a667ffceb1ab29b7927308d4247118 ppc64le freerdp-2.4.1-3.el9_0.7.ppc64le.rpm SHA-256: 886ccb40dbd3c979cff8dc9e656e6680ffb27bdfd32f45104fa0e35cba64d74d freerdp-debuginfo-2.4.1-3.el9_0.7.ppc64le.rpm SHA-256: 86309eb955eb4b0bdc278e1bba1bdd32aa1f798b922ec2eafbb8229e43cded1b freerdp-debugsource-2.4.1-3.el9_0.7.ppc64le.rpm SHA-256: 53d6bc57721add03dccbd8991cb31bd21648888103655a330fee4148eb10b1e4 freerdp-libs-2.4.1-3.el9_0.7.ppc64le.rpm SHA-256: fce022b82674436e779c7ce24fb65f87ad837e0e01fec0d180e217f723263f7a freerdp-libs-debuginfo-2.4.1-3.el9_0.7.ppc64le.rpm SHA-256: 3c2765c252e8c6d87af9bef88fb28e3e564766d128327d331730851567b0b949 libwinpr-2.4.1-3.el9_0.7.ppc64le.rpm SHA-256: a6367d2a6554b53c8d41d5ecf9aaf07bcdd0930c77091c76ee23b36e72a7a8b8 libwinpr-debuginfo-2.4.1-3.el9_0.7.ppc64le.rpm SHA-256: 0eda93ebe75bc9d7dd2971cb435ec2744873219c852105951c7b58d2c4435c6e Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM freerdp-2.4.1-3.el9_0.7.src.rpm SHA-256: ca44cfe91727a8b667319c65423c5f8cd2a667ffceb1ab29b7927308d4247118 x86_64 freerdp-2.4.1-3.el9_0.7.x86_64.rpm SHA-256: 55aa8bfade526b8cebe6b131413470044796e267234cfa639cf1fda943434492 freerdp-debuginfo-2.4.1-3.el9_0.7.i686.rpm SHA-256: 82378f3539a00588edaf0432f46b12cec9dcf3cf22e88c64a69d49705acaa746 freerdp-debuginfo-2.4.1-3.el9_0.7.x86_64.rpm SHA-256: 71b5feb950e2c0fd3277b12100375ff4feaf1de12bb15d19285c2ac10ee284cc freerdp-debugsource-2.4.1-3.el9_0.7.i686.rpm SHA-256: 526d328743ed78872b7d80bd886fdd82fa7042371a671cd077a176038865da73 freerdp-debugsource-2.4.1-3.el9_0.7.x86_64.rpm SHA-256: cce341278695534298e8e2e927b8ba25bba17da340a572737293ab16a03c2bc7 freerdp-libs-2.4.1-3.el9_0.7.i686.rpm SHA-256: 55d4ba8ea456c79d81862eb820837f30fea83fb70a7e8ec254970a300816870c freerdp-libs-2.4.1-3.el9_0.7.x86_64.rpm SHA-256: 6b187d2ed68708c5a48de129395fdbd9f9ef5c57655965c942f64e55d4f260ee freerdp-libs-debuginfo-2.4.1-3.el9_0.7.i686.rpm SHA-256: 9b5f26ad16f07038f9ce6f9a7e5d50ccd200c46c77ee08a2151080986694cc61 freerdp-libs-debuginfo-2.4.1-3.el9_0.7.x86_64.rpm SHA-256: 87683282b653bfb889064de336189a0ca56021747c226725b7dc15b634cc0759 libwinpr-2.4.1-3.el9_0.7.i686.rpm SHA-256: be645a67f535c2e3d20ac0482fe4afcd2d65f0061c09ea50a21c30574ca81896 libwinpr-2.4.1-3.el9_0.7.x86_64.rpm SHA-256: 1d3e17ebd969a1b5c2a0fb4100377f8072ffae90a6ba4ecd7cfac2cf48866bef libwinpr-debuginfo-2.4.1-3.el9_0.7.i686.rpm SHA-256: 44e7ca0658686090a46c2794366f2dc133f0ad96a06d633e3486ab05a513e3f8 libwinpr-debuginfo-2.4.1-3.el9_0.7.x86_64.rpm SHA-256: e77175126b44d7ee4df9ce1b23bb4ab17c2794eca1e94240f8f2cc7ebea7f8a9 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM freerdp-2.4.1-3.el9_0.7.src.rpm SHA-256: ca44cfe91727a8b667319c65423c5f8cd2a667ffceb1ab29b7927308d4247118 aarch64 freerdp-2.4.1-3.el9_0.7.aarch64.rpm SHA-256: 3d8c53c089168cbfe3abaf05bc2f88992cdc37f5ac4c68b947a8127617f30092 freerdp-debuginfo-2.4.1-3.el9_0.7.aarch64.rpm SHA-256: 2859bf7229fa4a2cecde51c787bb40272e54c19e95f13d862ff39dd10b2ce5cb freerdp-debugsource-2.4.1-3.el9_0.7.aarch64.rpm SHA-256: 3ff6c64c9d7867fa35da0ac4dc03cd091f0909c7ff86f2edc704d4de44d1ca82 freerdp-libs-2.4.1-3.el9_0.7.aarch64.rpm SHA-256: 44c75e22837259c4994886b000914f7df095c16cf011fc76c5613357b8d591ba freerdp-libs-debuginfo-2.4.1-3.el9_0.7.aarch64.rpm SHA-256: a3502bfe04005d43ce8045599fca5c72510ec0d4d35f439d3ca22ce04b23f114 libwinpr-2.4.1-3.el9_0.7.aarch64.rpm SHA-256: f420a86a717c26cf44a28c885cd12ca076139fb039d1dd85a49e30f42a41b28d libwinpr-debuginfo-2.4.1-3.el9_0.7.aarch64.rpm SHA-256: ec7dd3a8f68961405d69a55c7e16644764614eafb38a6ff33ff585709846c465 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM freerdp-2.4.1-3.el9_0.7.src.rpm SHA-256: ca44cfe91727a8b667319c65423c5f8cd2a667ffceb1ab29b7927308d4247118 s390x freerdp-2.4.1-3.el9_0.7.s390x.rpm SHA-256: de63e48ec9f5c2db925842cb2908ac019bb184680a71015f30363c5fc3dca409 freerdp-debuginfo-2.4.1-3.el9_0.7.s390x.rpm SHA-256: f47ffe4a0e7625bf70df10747d28cd07bf5adfdfdc9fa1bc5d65d6439e927a65 freerdp-debugsource-2.4.1-3.el9_0.7.s390x.rpm SHA-256: 7fbd78b7d761afddf1ab25381d5d8ef6f13dcfe09970971e5a5b70acad744dc2 freerdp-libs-2.4.1-3.el9_0.7.s390x.rpm SHA-256: 9b2acc3e4afe84d478dfee564d2583a1881acdd216fb2d3c8daefa7a2ea02f49 freerdp-libs-debuginfo-2.4.1-3.el9_0.7.s390x.rpm SHA-256: 488f8a8f7720d899b2a98c1d157184f5694eeaa20e998b0690b71575d6aa8842 libwinpr-2.4.1-3.el9_0.7.s390x.rpm SHA-256: c6ff56a992498dc3d6b6243f8f1fbfd482bac315d25fe0718419488a3b588c6b libwinpr-debuginfo-2.4.1-3.el9_0.7.s390x.rpm SHA-256: 0acb11635dd0f94e6b2fc5de295bf6ce8fc75b4173f7f2c0d9da6e3ef394a553 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .