Security News

Cybersecurity news aggregator

MEDIUM Updates Red Hat Errata

RHSA-2026:20605: Moderate: freerdp security update

  • What: Security update for FreeRDP remote desktop client
  • Impact: Red Hat Enterprise Linux 10.0 users need to apply the patch

Red Hat Product Errata
RHSA-2026:20605 - Security Advisory

Issued: 2026-05-26
Updated: 2026-05-26

Synopsis

Moderate: freerdp security update

Type/Severity

Security Advisory: Moderate

Topic

An update for freerdp is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

  • freerdp: FreeRDP: Denial of service via heap use-after-free during auto-reconnect (CVE-2026-25997)
  • freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)
  • freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)
  • freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)
  • freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)
  • freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)
  • freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)
  • FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)
  • FreeRDP: FreeRDP: Information disclosure and denial of service via heap-buffer-overflow read (CVE-2026-33982)
  • FreeRDP: FreeRDP: Memory corruption vulnerability allows denial of service or arbitrary code execution (CVE-2026-33987)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2442764 - CVE-2026-25997 freerdp: FreeRDP: Denial of service via heap use-after-free during auto-reconnect
  • BZ - 2442768 - CVE-2026-25952 freerdp: FreeRDP: Denial of service due to use-after-free vulnerability
  • BZ - 2442782 - CVE-2026-26986 freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect
  • BZ - 2447379 - CVE-2026-29775 freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId
  • BZ - 2447383 - CVE-2026-31885 freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks
  • BZ - 2447385 - CVE-2026-31884 freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0
  • BZ - 2447386 - CVE-2026-31883 freerdp: FreeRDP: Denial of Service via crafted audio data in RDP
  • BZ - 2453217 - CVE-2026-33985 FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read
  • BZ - 2453218 - CVE-2026-33982 FreeRDP: FreeRDP: Information disclosure and denial of service via heap-buffer-overflow read
  • BZ - 2453226 - CVE-2026-33987 FreeRDP: FreeRDP: Memory corruption vulnerability allows denial of service or arbitrary code execution

CVEs

  • CVE-2026-25952
  • CVE-2026-25997
  • CVE-2026-26986
  • CVE-2026-29775
  • CVE-2026-31883
  • CVE-2026-31884
  • CVE-2026-31885
  • CVE-2026-33982
  • CVE-2026-33985
  • CVE-2026-33987

References

  • https://access.redhat.com/security/updates/classification/#moderate

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux - Extended Update Support 10.0 (x86_64, s390x, ppc64le, aarch64)

SRPM: freerdp-3.10.3-3.el10_0.7.src.rpm

Packages listed for each architecture, all at version 3.10.3-3.el10_0.7:

  • freerdp
  • freerdp-debuginfo
  • freerdp-debugsource
  • freerdp-libs
  • freerdp-libs-debuginfo
  • freerdp-server-debuginfo
  • libwinpr
  • libwinpr-debuginfo

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0

  • freerdp-debuginfo-3.10.3-3.el10_0.7.x86_64.rpm
  • freerdp-debugsource-3.10.3-3.el10_0.7.x86_64.rpm
  • freerdp-devel-3.10.3-3.el10_0.7.x86_64.rpm
  • freerdp-libs-debuginfo-3.10.3-3.el10_0.7.x86_64.rpm
  • …