
RHSA-2026:19033: Important: freerdp security update

  • What: Security update for freerdp
  • Impact: Red Hat Enterprise Linux 10 systems affected

Red Hat Product Errata
RHSA-2026:19033 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Important: freerdp security update

Type/Severity
Security Advisory: Important

Topic
An update for freerdp is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):
  • freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22855)
  • freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22853)
  • freerdp: FreeRDP global-buffer-overflow (CVE-2026-22858)
  • freerdp: FreeRDP heap-use-after-free (CVE-2026-22856)
  • freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22854)
  • freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22859)
  • freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22852)
  • freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow (CVE-2026-23732)
  • freerdp: FreeRDP: Denial of Service via use after free in ecam_channel_write (CVE-2026-24678)
  • freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation (CVE-2026-24676)
  • freerdp: FreeRDP has a heap-use-after-free in video_timer (CVE-2026-24491)
  • freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() (CVE-2026-23948)
  • freerdp: FreeRDP has a Heap-use-after-free in play_thread (CVE-2026-24684)
  • freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb (CVE-2026-24681)
  • freerdp: FreeRDP has a Heap-buffer-overflow in audio_formats_free (CVE-2026-24682)
  • freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event (CVE-2026-24683)
  • freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface (CVE-2026-24679)
  • freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface (CVE-2026-24675)
  • freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path (CVE-2026-26965)
  • freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline (CVE-2026-26955)
  • freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages (CVE-2026-31806)
  • FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data (CVE-2026-33984)
  • FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages (CVE-2026-33983)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 10 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes
  • BZ - 2429645 - CVE-2026-22855 freerdp: FreeRDP heap-buffer-overflow
  • BZ - 2429647 - CVE-2026-22853 freerdp: FreeRDP heap-buffer-overflow
  • BZ - 2429649 - CVE-2026-22858 freerdp: FreeRDP global-buffer-overflow
  • BZ - 2429650 - CVE-2026-22856 freerdp: FreeRDP heap-use-after-free
  • BZ - 2429652 - CVE-2026-22854 freerdp: FreeRDP heap-buffer-overflow
  • BZ - 2429653 - CVE-2026-22859 freerdp: FreeRDP heap-buffer-overflow
  • BZ - 2429654 - CVE-2026-22852 freerdp: FreeRDP heap-buffer-overflow
  • BZ - 2430881 - CVE-2026-23732 freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow
  • BZ - 2438197 - CVE-2026-24678 freerdp: FreeRDP: Denial of Service via use after free in ecam_channel_write
  • BZ - 2438201 - CVE-2026-24676 freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation
  • BZ - 2438202 - CVE-2026-24491 freerdp: FreeRDP has a heap-use-after-free in video_timer
  • BZ - 2438207 - CVE-2026-23948 freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
  • BZ - 2438208 - CVE-2026-24684 freerdp: FreeRDP has a Heap-use-after-free in play_thread
  • BZ - 2438210 - CVE-2026-24681 freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb
  • BZ - 2438212 - CVE-2026-24682 freerdp: FreeRDP has a Heap-buffer-overflow in audio_formats_free
  • BZ - 2438216 - CVE-2026-24683 freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event
  • BZ - 2438217 - CVE-2026-24679 freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface
  • BZ - 2438221 - CVE-2026-24675 freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface
  • BZ - 2442959 - CVE-2026-26965 freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path
  • BZ - 2443132 - CVE-2026-26955 freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline
  • BZ - 2447376 - CVE-2026-31806 freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages
  • BZ - 2453219 - CVE-2026-33984 FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data
  • BZ - 2453220 - CVE-2026-33983 FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

CVEs
CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22858, CVE-2026-22859, CVE-2026-23732, CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24678, CVE-2026-24679, CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684, CVE-2026-26955, CVE-2026-26965, CVE-2026-31806, CVE-2026-33983, CVE-2026-33984

References
  • https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 10
SRPM
  • freerdp-3.10.3-12.el10_2.2.src.rpm
x86_64
  • freerdp-3.10.3-12.el10_2.2.x86_64.rpm
  • freerdp-debuginfo-3.10.3-12.el10_2.2.x86_64.rpm
  • freerdp-debugsource-3.10.3-12.el10_2.2.x86_64.rpm
  • freerdp-libs-3.10.3-12.el10_2.2.x86_64.rpm
  • freerdp-libs-debuginfo-3.10.3-12.el10_2.2.x86_64.rpm
  • freerdp-server-debuginfo-3.10.3-12.el10_2.2.x86_64.rpm
  • libwinpr-3.10.3-12.el10_2.2.x86_64.rpm
  • libwinpr-debuginfo-3.10.3-12.el10_2.2.x86_64.rpm

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2
SRPM
  • freerdp-3.10.3-12.el10_2.2.src.rpm
x86_64
  • freerdp-3.10.3-12.el10_2.2.x86_64.rpm
  • freerdp-debuginfo-3.10.3-12.el10_2.2.x86_64.rpm
  • freerdp-debugsource-3.10.3-12.el10_2.2.x86_64.rpm
  • freerdp-libs-3.10.3-12.el10_2.2.x86_64.rpm
  • freerdp-libs-debuginfo-3.10.3-12.el10_2.2.x86_64.rpm
  • freerdp-server-debuginfo-3.10.3-12.el10_2.2.x86_64.rpm
  • libwinpr-3.10.3-12.el10_2.2.x86_64.rpm
  • libwinpr-debuginfo-3.10.3-12.el10_2.2.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 10
SRPM
  • freerdp-3.1
