Red Hat Product Errata RHSA-2026:16865 - Security Advisory Issued: 2026-05-13 Updated: 2026-05-13 RHSA-2026:16865 - Security Advisory Overview Updated Packages Synopsis Moderate: freerdp security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for freerdp is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952) freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986) freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951) freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775) freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885) freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884) freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883) FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2442768 - CVE-2026-25952 freerdp: FreeRDP: Denial of service due to use-after-free vulnerability BZ - 2442782 - CVE-2026-26986 freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect BZ - 2442783 - CVE-2026-27951 freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity BZ - 2447379 - CVE-2026-29775 freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId BZ - 2447383 - CVE-2026-31885 freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks BZ - 2447385 - CVE-2026-31884 freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 BZ - 2447386 - CVE-2026-31883 freerdp: FreeRDP: Denial of Service via crafted audio data in RDP BZ - 2453217 - CVE-2026-33985 FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read CVEs CVE-2026-25952 CVE-2026-26986 CVE-2026-27951 CVE-2026-29775 CVE-2026-31883 CVE-2026-31884 CVE-2026-31885 CVE-2026-33985 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM freerdp-2.11.7-1.el9_6.10.src.rpm SHA-256: 65b04a0617a7c6d2a75d38b3e609914eced81b7601798e879b77e4dfe81f8481 x86_64 freerdp-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: 2a6af92a6e166e8eba6fa028b7e22a6254448736353cf0f3155e54a7ea4feeab freerdp-debuginfo-2.11.7-1.el9_6.10.i686.rpm SHA-256: 9dad93169467e62475b6452cc84dcb7ab8e0d73f3cfb1b5a7becaf5201d38030 freerdp-debuginfo-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: 0d7c563904b744e4e1f9bdc4b448c64462f9a3aa94fb6343bd7b9ac3ab5c5d5f freerdp-debugsource-2.11.7-1.el9_6.10.i686.rpm SHA-256: e0350134e48fd85e58e8274467bede2f71a8d6d2aab9d7890e16178ae7c80c30 freerdp-debugsource-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: f2caaba19103bfad3f105c8da1528ecf051482b2ea76ffb4118e3639608bff81 freerdp-libs-2.11.7-1.el9_6.10.i686.rpm SHA-256: 192699b178598ae2316c8ca5b6a2a72bf66097239350767dec5e51b6d9725e87 freerdp-libs-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: 60604f797771ec7242c566cab234ea49bbd7caa184932d67ec342968f0e61516 freerdp-libs-debuginfo-2.11.7-1.el9_6.10.i686.rpm SHA-256: ef5a19984c8fae93342387252ee9202ba82d12c220bccc5bff4d9d8467495ab2 freerdp-libs-debuginfo-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: 3ab4c732a5ef1c417587d251d30482be7c730d44c0774e20d1a2dccb06bac58d libwinpr-2.11.7-1.el9_6.10.i686.rpm SHA-256: 814889356c0cc1f21bfac80d1c860ff5cdfc5e50cdf0b2bc3b2eeec314dd7693 libwinpr-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: c88b2c43ff2e0b9e4841c4e31ad35a9c773c790a9f4da2977a9f55a8f4ad7e43 libwinpr-debuginfo-2.11.7-1.el9_6.10.i686.rpm SHA-256: 008b5033e16c9d37c61b930aefdc94a4e0cd8a7f678489741a271d887800f36f libwinpr-debuginfo-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: ef007ae5aa9c760809ce17ab296cee102a815ec142df62539d165bd9024f2d8c Red Hat Enterprise Linux Server - AUS 9.6 SRPM freerdp-2.11.7-1.el9_6.10.src.rpm SHA-256: 65b04a0617a7c6d2a75d38b3e609914eced81b7601798e879b77e4dfe81f8481 x86_64 freerdp-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: 2a6af92a6e166e8eba6fa028b7e22a6254448736353cf0f3155e54a7ea4feeab freerdp-debuginfo-2.11.7-1.el9_6.10.i686.rpm SHA-256: 9dad93169467e62475b6452cc84dcb7ab8e0d73f3cfb1b5a7becaf5201d38030 freerdp-debuginfo-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: 0d7c563904b744e4e1f9bdc4b448c64462f9a3aa94fb6343bd7b9ac3ab5c5d5f freerdp-debugsource-2.11.7-1.el9_6.10.i686.rpm SHA-256: e0350134e48fd85e58e8274467bede2f71a8d6d2aab9d7890e16178ae7c80c30 freerdp-debugsource-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: f2caaba19103bfad3f105c8da1528ecf051482b2ea76ffb4118e3639608bff81 freerdp-libs-2.11.7-1.el9_6.10.i686.rpm SHA-256: 192699b178598ae2316c8ca5b6a2a72bf66097239350767dec5e51b6d9725e87 freerdp-libs-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: 60604f797771ec7242c566cab234ea49bbd7caa184932d67ec342968f0e61516 freerdp-libs-debuginfo-2.11.7-1.el9_6.10.i686.rpm SHA-256: ef5a19984c8fae93342387252ee9202ba82d12c220bccc5bff4d9d8467495ab2 freerdp-libs-debuginfo-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: 3ab4c732a5ef1c417587d251d30482be7c730d44c0774e20d1a2dccb06bac58d libwinpr-2.11.7-1.el9_6.10.i686.rpm SHA-256: 814889356c0cc1f21bfac80d1c860ff5cdfc5e50cdf0b2bc3b2eeec314dd7693 libwinpr-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: c88b2c43ff2e0b9e4841c4e31ad35a9c773c790a9f4da2977a9f55a8f4ad7e43 libwinpr-debuginfo-2.11.7-1.el9_6.10.i686.rpm SHA-256: 008b5033e16c9d37c61b930aefdc94a4e0cd8a7f678489741a271d887800f36f libwinpr-debuginfo-2.11.7-1.el9_6.10.x86_64.rpm SHA-256: ef007ae5aa9c760809ce17ab296cee102a815ec142df62539d165bd9024f2d8c Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM freerdp-2.11.7-1.el9_6.10.src.rpm SHA-256: 65b04a0617a7c6d2a75d38b3e609914eced81b7601798e879b77e4dfe81f8481 s390x freerdp-2.11.7-1.el9_6.10.s390x.rpm SHA-256: 0155fb851d2b537704152ef379c8f08225b8500210f44428c42166000eaca8f5 freerdp-debuginfo-2.11.7-1.el9_6.10.s390x.rpm SHA-256: b687b8d8e87fba644cb799a89ea696fe51fb70d31f493d5480f59b0c7598d939 freerdp-debugsource-2.11.7-1.el9_6.10.s390x.rpm SHA-256: 55bdef0ea66693986ee7e19df5da5a3bf07693fedcad8b40064c2dd4284d955b freerdp-libs-2.11.7-1.el9_6.10.s390x.rpm SHA-256: 4c4251bdcf7109f61e0d418b850a3e9b1b631d380dc61dae2e300b215827bd2f freerdp-libs-debuginfo-2.11.7-1.el9_6.10.s390x.rpm SHA-256: e88274c7f8fc6742e5a380b8aa9fa974bd3d7fbdd9863f48b592e57bd7f46028 libwinpr-2.11.7-1.el9_6.10.s390x.rpm SHA-256: f84c01b673019f6be6c74a350a393606b2af5f4ad76eb1bebb14a450858a4c31 libwinpr-debuginfo-2.11.7-1.el9_6.10.s390x.rpm SHA-256: 1970b93c013e8c906f191f187aa9dfa14fd7850d83e9e8fdf7b07c5279c3374d Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM freerdp-2.11.7-1.el9_6.10.src.rpm SHA-256: 65b04a0617a7c6d2a75d38b3e609914eced81b7601798e879b77e4dfe81f8481 ppc64le freerdp-2.11.7-1.el9_6.10.ppc64le.rpm SHA-256: 98958c36143d36888cb0486ac0eafdeceed504b734d7fdc0f586ca4f8488cfb5 freerdp-debuginfo-2.11.7-1.el9_6.10.ppc64le.rpm SHA-256: d288c3fbc8b4e68637bc4535ac56bb54997f9b54dc5b4525b0e809de3a4ad753 freerdp-debugsource-2.11.7-1.el9_6.10.ppc64le.rpm SHA-256: 87df1abf6c8753efb824ceefddd24167b0ed76b11b0298b8ec0246872d592e54 freerdp-libs-2.11.7-1.el9_6.10.ppc64le.rpm SHA-256: 2a852b4ea861d42117104e6c49752a3a1b80cfe432a572252c3cfb2bf74b9b4a freerdp-libs-debuginfo-2.11.7-1.el9_6.10.ppc64le.rpm SHA-256: bd056fda345efd0e32275c04cc9cc4692b0395cf6333d936280ce276c8eb07fa libwinpr-2.11.7-1.el9_6.10.ppc64le.rpm SHA-256: 1c71b0165a841aabe6a9ecf140ddd028b3230a2b310457