This update for freerdp fixes the following issues:
Update to version 3.26.0:
- CVE-2026-33982: heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in
winpr_aligned_offset_recalloc() (bsc#1261222).
- CVE-2026-33985: FreeRDP: Information disclosure via heap memory out of bounds read (bsc#1261217).
- CVE-2026-33986: heap OOB write due to H.264 YUV buffer dimension desync (bsc#1261223).
- CVE-2026-33987: heap OOB write due to persistent cache bmpSize desync (bsc#1261226).
- CVE-2026-33995: double-free vulnerability in kerberos_AcceptSecurityContext() and
kerberos_InitializeSecurityContextA() (bsc#1261227).
- CVE-2026-40033: heap buffer overflow in `gdi_CacheToSurface` allows attackers to cause a denial of service or achieve
remote code execution (bsc#1266317).
- CVE-2026-40254: off-by-one in contains_dotdot() allows drive channel path traversal (bsc#1262743).
- CVE-2026-44420: Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in...

- openSUSE Leap 16.0:
freerdp-3.26.0-160000.1.1
freerdp-devel-3.26.0-160000.1.1
freerdp-proxy-3.26.0-160000.1.1
freerdp-proxy-plugins-3.26.0-160000.1.1
freerdp-sdl-3.26.0-160000.1.1
freerdp-server-3.26.0-160000.1.1
freerdp-wayland-3.26.0-160000.1.1
libfreerdp-server-proxy3-3-3.26.0-160000.1.1
libfreerdp3-3-3.26.0-160000.1.1
librdtk0-0-3.26.0-160000.1.1
libuwac0-0-3.26.0-160000.1.1
libwinpr3-3-3.26.0-160000.1.1
rdtk0-devel-3.26.0-160000.1.1
uwac0-devel-3.26.0-160000.1.1
winpr-devel-3.26.0-160000.1.1
* bsc#1174200
* bsc#1261217
* bsc#1261222
* bsc#1261223
* bsc#1261226
* bsc#1261227
* bsc#1262743
* bsc#1266317
* bsc#1267008
* bsc#1267009
* bsc#1267010
* bsc#1267011
References:
* https://www.suse.com/security/cve/CVE-2026-33982.html
* https://www.suse.com/security/cve/CVE-2026-33985.html
* https://www.suse.com/security/cve/CVE-2026-33986.html
* https://www.suse.com/security/cve/CVE-2026-33987.html
* https://www.suse.com/security/cve/CVE-2026-33995.html
* https://www.suse.com/security/cve/CVE-2026-40033.html
* https://www.suse.com/security/cve/CVE-2026-40254.html
* https://www.suse.com/security/cve/CVE-2026-44420.html
* https://www.suse.com/security/cve/CVE-2026-44421.html
* https://www.suse.com/security/cve/CVE-2026-44422.html
* https://www.suse.com/security/cve/CVE-2026-45700.html