Alerts This Week
Warning Icon 1 1,308
Alerts This Week
Warning Icon 1 1,308

Ubuntu 25.10 FreeRDP Critical Buffer Overflow Denial of Service USN-8042-1

ubuntu
Calendar Grey February 16, 2026
Dist Ubuntu Esm H88
Security advisory details recent issues fixed in FreeRDP impacting various Ubuntu versions with critical fixes needed.
Several security issues were fixed in FreeRDP.

Summary

Several security issues were fixed in FreeRDP.

Software Description:

- freerdp3: RDP client for Windows Terminal Services

- freerdp2: RDP client for Windows Terminal Services

Details:

It was discovered that FreeRDP incorrectly handled memory under certain

circumstances, which could lead to a NULL pointer dereference. An

attacker could possibly use this issue to cause a denial of service.

(CVE-2026-23948)

It was discovered that FreeRDP did not correctly validate the size of

certain variables, which could cause a buffer overflow. An attacker could

possibly use this issue to cause a denial of service or execute arbitrary

code. This issue only affected FreeRDP3 in Ubuntu 24.04 LTS and Ubuntu

25.10. (CVE-2026-24491)

It was discovered that FreeRDP did not correctly validate the size of

certain variables, which could cause a buffer overflow. An attacker could

possibly use this issue to cause a denial of service or execute arbitrary

code. (CVE-2026-24675, CVE-2026-24679, CVE-2026-24682)

...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical Ubuntu freerdp

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  freerdp3-x11                    3.16.0+dfsg-2ubuntu0.1
  libfreerdp3-3                   3.16.0+dfsg-2ubuntu0.1

Ubuntu 24.04 LTS
  freerdp2-x11                    2.11.5+dfsg1-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro
  freerdp3-x11                    3.5.1+dfsg1-0ubuntu1.2
  libfreerdp2-2t64                2.11.5+dfsg1-1ubuntu0.1~esm5
                                  Available with Ubuntu Pro
  libfreerdp3-3                   3.5.1+dfsg1-0ubuntu1.2

Ubuntu 22.04 LTS
  freerdp2-x11                    2.6.1+dfsg1-3ubuntu2.10
  libfreerdp2-2                   2.6.1+dfsg1-3ubuntu2.10

Ubuntu 20.04 LTS
  freerdp2-x11                    2.6.1+dfsg1-0ubuntu0.20.04.2+esm3
                                  Available with Ubuntu Pro
  libfreerdp2-2                   2.6.1+dfsg1-0ubuntu0.20.04.2+esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  freerdp2-x11                    2.2.0+dfsg1-0ubuntu0.18.04.4+esm5
                                  Available with Ubuntu Pro
  libfreerdp2-2                   2.2.0+dfsg1-0ubuntu0.18.04.4+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8042-1

CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676,

CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680,

CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8042-1

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical Ubuntu freerdp

Package Information

https://launchpad.net/ubuntu/+source/freerdp3/3.16.0+dfsg-2ubuntu0.1
https://launchpad.net/ubuntu/+source/freerdp2/2.6.1+dfsg1-3ubuntu2.10

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here