Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

openSUSE Leap 16.0 freerdp Important Buffer Overflow Vuln 2026-20657-1

opensuse
Calendar Grey May 4, 2026
Dist Opensuse Esm H88
This openSUSE advisory addresses important issues in freerdp, including fixes for 28 vulnerabilities and upgrades.
An update that solves 28 vulnerabilities and has 28 bug fixes can now be installed.

Description

This update for freerdp fixes the following issues:

Update to version 3.24.2.

Security issues fixed:

- CVE-2026-25941: out-of-bounds read in the FreeRDP client RDPGFX channel (bsc#1258919).

- CVE-2026-25942: buffer overflow of global array in `xf_rail_server_execute_result` (bsc#1258920).

- CVE-2026-25952: heap use-after-free in `xf_SetWindowMinMaxInfo` (bsc#1258921).

- CVE-2026-25953: heap use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258923).

- CVE-2026-25954: heap use-after-free in `xf_rail_server_local_move_size` (bsc#1258924).

- CVE-2026-25955: heap use-after-free in `xf_AppUpdateWindowFromSurface` (bsc#1258973).

- CVE-2026-25959: heap use-after-free in `xf_cliprdr_provide_data_` (bsc#1258976).

- CVE-2026-25997: heap use-after-free in `xf_clipboard_format_equal` (bsc#1258977).

- CVE-2026-26271: buffer overread in FreeRDP icon processing (bsc#1258979).

- CVE-2026-26955: out-of-bounds write in FreeRDP clients using the GDI surface pipeline (bsc#1258982).

-...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

freerdp-3.24.2-160000.1.1

freerdp-devel-3.24.2-160000.1.1

freerdp-proxy-3.24.2-160000.1.1

freerdp-proxy-plugins-3.24.2-160000.1.1

freerdp-sdl-3.24.2-160000.1.1

freerdp-server-3.24.2-160000.1.1

freerdp-wayland-3.24.2-160000.1.1

libfreerdp-server-proxy3-3-3.24.2-160000.1.1

libfreerdp3-3-3.24.2-160000.1.1

librdtk0-0-3.24.2-160000.1.1

libuwac0-0-3.24.2-160000.1.1

libwinpr3-3-3.24.2-160000.1.1

rdtk0-devel-3.24.2-160000.1.1

uwac0-devel-3.24.2-160000.1.1

winpr-devel-3.24.2-160000.1.1

References

* bsc#1258919

* bsc#1258920

* bsc#1258921

* bsc#1258923

* bsc#1258924

* bsc#1258973

* bsc#1258976

* bsc#1258977

* bsc#1258979

* bsc#1258982

* bsc#1258985

* bsc#1259653

* bsc#1259679

* bsc#1259680

* bsc#1259684

* bsc#1259686

* bsc#1259689

* bsc#1259692

* bsc#1259693

* bsc#1261196

* bsc#1261198

* bsc#1261200

* bsc#1261211

* bsc#1261217

* bsc#1261222

* bsc#1261223

* bsc#1261226

* bsc#1261227

References:

* https://www.suse.com/security/cve/CVE-2026-25941.html

* https://www.suse.com/security/cve/CVE-2026-25942.html

* https://www.suse.com/security/cve/CVE-2026-25952.html

* https://www.suse.com/security/cve/CVE-2026-25953.html

* https://www.suse.com/security/cve/CVE-2026-25954.html

* https://www.suse.com/security/cve/CVE-2026-25955.html

* https://www.suse.com/security/cve/CVE-2026-25959.html

* https://www.suse.com/security/cve/CVE-2026-25997.html

* https://www.suse.com/security/cve/CVE-2026-26271.html

* https://www.suse.com/security/cve/CVE-2026-26955.html

* https://www.suse.com/security/cve/CVE-2026-26965.html

*...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20657-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here