- What: Red Hat releases a security update for freerdp
- Impact: Addresses a denial-of-service vulnerability
RHSA-2026:16866 - Security Advisory

Issued: 2026-05-13
Updated: 2026-05-13

Synopsis
Moderate: freerdp security update

Type/Severity
Security Advisory: Moderate

Topic
An update for freerdp is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):
- freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)
- freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)
- freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)
- freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)
- freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)
- freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)
- freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)
- FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
- Red Hat Enterprise Linux Server - AUS 9.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
- Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
- Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes
- BZ - 2442768 - CVE-2026-25952 freerdp: FreeRDP: Denial of service due to use-after-free vulnerability
- BZ - 2442782 - CVE-2026-26986 freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect
- BZ - 2442783 - CVE-2026-27951 freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity
- BZ - 2447379 - CVE-2026-29775 freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
- BZ - 2447383 - CVE-2026-31885 freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks
- BZ - 2447385 - CVE-2026-31884 freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0
- BZ - 2447386 - CVE-2026-31883 freerdp: FreeRDP: Denial of Service via crafted audio data in RDP
- BZ - 2453217 - CVE-2026-33985 FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read

CVEs
- CVE-2026-25952
- CVE-2026-26986
- CVE-2026-27951
- CVE-2026-29775
- CVE-2026-31883
- CVE-2026-31884
- CVE-2026-31885
- CVE-2026-33985

References
- https://access.redhat.com/security/updates/classification/#moderate

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4
SRPM: freerdp-2.11.2-1.el9_4.8.src.rpm