An update that solves 44 vulnerabilities and has 32 bug fixes can now be installed.

openSUSE security update: security update for freerdp
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20339-1
Rating: important

References:

  * bsc#1214869
  * bsc#1214870
  * bsc#1214871
  * bsc#1219049
  * bsc#1223293
  * bsc#1223294
  * bsc#1223295
  * bsc#1223296
  * bsc#1223297
  * bsc#1223298
  * bsc#1223346
  * bsc#1223347
  * bsc#1223348
  * bsc#1223353
  * bsc#1243109
  * bsc#1256717
  * bsc#1256718
  * bsc#1256719
  * bsc#1256720
  * bsc#1256721
  * bsc#1256722
  * bsc#1256723
  * bsc#1256724
  * bsc#1256725
  * bsc#1256940
  * bsc#1256941
  * bsc#1256942
  * bsc#1256943
  * bsc#1256944
  * bsc#1256945
  * bsc#1256946
  * bsc#1256947

Cross-References:

  * CVE-2023-40574
  * CVE-2023-40575
  * CVE-2023-40576
  * CVE-2024-22211
  * CVE-2024-32039
  * CVE-2024-32040
  * CVE-2024-32041
  * CVE-2024-32458
  * CVE-2024-32459
  * CVE-2024-32460
  * CVE-2024-32658
  * CVE-2024-32659
  * CVE-2024-32660
  * CVE-2024-32661
  * CVE-2025-4478
  * CVE-2026-22851
  * CVE-2026-22852
  * CVE-2026-22853
  * CVE-2026-22854
  * CVE-2026-22855
  * CVE-2026-22856
  * CVE-2026-22857
  * CVE-2026-22858
  * CVE-2026-22859
  * CVE-2026-23530
  * CVE-2026-23531
  * CVE-2026-23532
  * CVE-2026-23533
  * CVE-2026-23534
  * CVE-2026-23732
  * CVE-2026-23883
  * CVE-2026-23884
  * CVE-2026-23948
  * CVE-2026-24491
  * CVE-2026-24675
  * CVE-2026-24676
  * CVE-2026-24677
  * CVE-2026-24678
  * CVE-2026-24679
  * CVE-2026-24680
  * CVE-2026-24681
  * CVE-2026-24682
  * CVE-2026-24683
  * CVE-2026-24684

CVSS scores:

  * CVE-2023-40574 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  * CVE-2023-40575 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2023-40576 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2024-22211 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2024-32039 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2024-32040 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2024-32041 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  * CVE-2024-32458 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  * CVE-2024-32459 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  * CVE-2024-32460 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-32658 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-32659 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
  * CVE-2024-32660 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2024-32661 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2025-4478 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
  * CVE-2025-4478 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-22851 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-22851 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-22852 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-22852 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-22853 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-22853 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-22854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-22854 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-22855 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
  * CVE-2026-22855 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-22856 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-22856 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-22857 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-22857 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-22858 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
  * CVE-2026-22858 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-22859 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
  * CVE-2026-22859 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-23530 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23531 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-23531 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23532 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-23532 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23533 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-23533 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23534 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-23534 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23732 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2026-23732 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-23883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-23883 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23884 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-23884 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23948 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-23948 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-24491 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24491 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-24675 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24675 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-24676 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24676 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-24677 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24677 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-24678 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24678 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-24679 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24679 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-24680 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24680 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-24681 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24681 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-24682 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24682 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-24683 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24683 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-24684 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-24684 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products: openSUSE Leap 16.0
-------------------------------------------------------------
Description:

This update for freerdp fixes the following issues:

- Update to version 3.22.0 (jsc#PED-15526):
  + Major bugfix release:
    * Complete overhaul of SDL client
    * Introduction of new WINPR_ATTR_NODISCARD macro wrapping compiler or
      C language version specific [[nodiscard]] attributes
    * Addition of WINPR_ATTR_NODISCARD to (some) public API functions so
      usage errors are producing warnings now
    * Add some more stringify functions for logging
    * We've received CVE reports, check
      https://github.com/FreeRDP/FreeRDP/security/advisories for more details!
      @Keryer reported an issue affecting client and proxy:
      * CVE-2026-23948
      @ehdgks0627 did some more fuzzing and found quite a number of
      client side bugs.
      * CVE-2026-24682
      * CVE-2026-24683
      * CVE-2026-24676
      * CVE-2026-24677
      * CVE-2026-24678
      * CVE-2026-24684
      * CVE-2026-24679
      * CVE-2026-24681
      * CVE-2026-24675
      * CVE-2026-24491
      * CVE-2026-24680
- Changes from version 3.21.0
  * [core,info] fix missing NULL check (#12157)
  * [gateway,tsg] fix TSG_PACKET_RESPONSE parsing (#12161)
  * Allow querying auth identity with kerberos when running as a server (#12162)
  * Sspi krb heimdal (#12163)
  * Tsg fix idleTimeout parsing (#12167)
  * [channels,smartcard] revert 649f7de (#12166)
  * [crypto] deprecate er and der modules (#12170)
  * [channels,rdpei] lock full update, not only parts (#12175)
  * [winpr,platform] add WINPR_ATTR_NODISCARD macro (#12178)
  * Wlog cleanup (#12179)
  * new stringify functions & touch API defines (#12180)
  * Add support for querying SECPKG_ATTR_PACKAGE_INFO to NTLM and Kerberos (#12171)
  * [channels,video] measure times in ns (#12184)
  * [utils] Nodiscard (#12187)
  * Error handling fixes (#12186)
  * [channels,drdynvc] check pointer before reset (#12189)
  * Winpr api def (#12190)
  * [winpr,platform] drop C23 [[nodiscard]] (#12192)
  * [gdi] add additional checks for a valid rdpGdi (#12194)
  * Sdl3 high dpiv2 (#12173)
  * peer: Disconnect if Logon() returned FALSE (#12196)
  * [channels,rdpecam] fix PROPERTY_DESCRIPTION parsing (#12197)
  * [channel,rdpsnd] only clean up thread before free (#12199)
  * [channels,rdpei] add RDPINPUT_CONTACT_FLAG_UP (#12195)
- Update to version 3.21.0:
  + Bugfix release with a few new API functions addressing shortcomings
    with regard to input data validation. Thanks to @ehdgks0627 we have
    fixed the following additional (medium) client side vulnerabilities:
    * CVE-2026-23530
    * CVE-2026-23531
    * CVE-2026-23532
    * CVE-2026-23533
    * CVE-2026-23534
    * CVE-2026-23732
    * CVE-2026-23883
    * CVE-2026-23884
- Changes from version 3.20.2
  * [client,sdl] fix monitor resolution (#12142)
  * [codec,progressive] fix progressive_rfx_upgrade_block (#12143)
  * Krb cache fix (#12145)
  * Rdpdr improved checks (#12141)
  * Codec advanced length checks (#12146)
  * Glyph fix length checks (#12151)
  * Wlog printf format string checks (#12150)
  * [warnings,format] fix format string warnings (#12152)
  * Double free fixes (#12153)
  * [clang-tidy] clean up code warnings (#12154)
- Update to version 3.20.2:
  + Patch release fixing a regression with gateway connections
    introduced with 3.20.1
  ## What's Changed
  * Warnings and missing enumeration types (#12137)
- Changes from version 3.20.1:
  + New years cleanup release. Fixes some issues reported and does a
    cleaning sweep to bring down warnings. Thanks to @ehdgks0627 doing
    some code review/testing we've uncovered the following (medium)
    vulnerabilities:
    * CVE-2026-22851
    * CVE-2026-22852
    * CVE-2026-22853
    * CVE-2026-22854
    * CVE-2026-22855
    * CVE-2026-22856
    * CVE-2026-22857
    * CVE-2026-22858
    * CVE-2026-22859
  + These affect FreeRDP based clients only, with the exception of
    CVE-2026-22858 also affecting FreeRDP proxy. FreeRDP based servers
    are not affected.
- Update to version 3.20.0:
  * Mingw fixes (#12070)
  * [crypto,certificate_data] add some hostname sanitation
  * [client,common]: Fix loading of rdpsnd channel
  * [client,sdl] set touch and pen hints
- Changes from version 3.19.1:
  * [core,transport] improve SSL error logging
  * [utils,helpers] fix freerdp_settings_get_legacy_config_path
  * From stdin and sdl-creds improve
  * [crypto,certificate] sanitize hostnames
  * [channels,drdynvc] propagate error in dynamic channel
  * [CMake] make Mbed-TLS and LibreSSL experimental
  * Json fix
  * rdpecam: send sample only if it's available
  * [channels,rdpecam] allow MJPEG frame skip and direct passthrough
  * [winpr,utils] explicit NULL checks in jansson WINPR_JSON_ParseWithLength
- Changes from version 3.19.0:
  * [client,common] fix retry counter
  * [cmake] fix aarch64 neon detection
  * Fix response body existence check when using RDP Gateway
  * fix line clipping issue
  * Clip coord fix
  * [core,input] Add debug log to keyboard state sync
  * Update command line usage for gateway option
  * [codec,ffmpeg] 8.0 dropped AV_PROFILE_AAC_MAIN
  * [channels,audin] fix pulse memory leak
  * [channels,drive] Small performance improvements in drive channel
  * [winpr,utils] fix command line error logging
  * [common,test] Adjust AVC and H264 expectations
  * drdynvc: implement compressed packet
  * [channels,rdpecam] improve log messages
  * Fix remote credential guard channel loading
  * Fix inverted ifdef
  * [core,nego] disable all enabled modes except the one requested
  * rdpear: handle basic NTLM commands and fix server-side
  * [smartcardlogon] Fix off-by-one error in `smartcard_hw_enumerateCerts`
  * rdpecam: fix camera sample grabbing
- Update to version 3.18.0:
  + Fix a regression reading passwords from stdin
  + Fix a timer regression (s instead of ms)
  + Improved multitouch support
  + Fix a bug with PLANAR codec (used with /bpp:32 or sometimes with /gfx)
  + Better error handling for ARM transport (Entra)
  + Fix audio encoder lag (microphone/AAC) with FFMPEG
  + Support for jansson JSON library
- Update to version 3.17.2:
  + Minor improvements and bugfix release.
  + Most notably resource usage (file handles) has been greatly reduced
    and static build pkg-config have been fixed. For users of xfreerdp
    RAILS/RemoteApp mode the switch to DesktopSession mode has been
    fixed (working UAC screen)
- Changes from version 3.17.1
  + Minor improvements and bugfix release.
    * most notably a memory leak was addressed
    * fixed header files missing C++ guards
    * xfreerdp as well as the SDL clients now support a system wide
      configuration file
    * Heimdal kerberos support was improved
    * builds with [MS-RDPEAR] now properly abort at configure if Heimdal
      is used (this configuration was never supported, so ensure nobody
      compiles it that way)
- Enable openh264 support, we can build against the noopenh264 stub
- Update to 3.17.0:
  * [client,sdl2] fix build with webview (#11685)
  * [core,nla] use wcslen for password length (#11687)
  * Clear channel error prior to call channel init event proc (#11688)
  * Warn args (#11689)
  * [client,common] fix -mouse-motion (#11690)
  * [core,proxy] fix IPv4 and IPv6 length (#11692)
  * Regression fix2 (#11696)
  * Log fixes (#11693)
  * [common,settings] fix int casts (#11699)
  * [core,connection] fix log level of several messages (#11697)
  * [client,sdl] print current video driver (#11701)
  * [crypto,tls] print big warning for /cert:ignore (#11704)
  * [client,desktop] fix StartupWMClass setting (#11708)
  * [cmake] unify version creation (#11711)
  * [common,settings] force reallocation on caps copy (#11715)
  * [manpages] Add example of keyboard remapping (#11718)
  * Some fixes in Negotiate and NLA (#11722)
  * [client,x11] fix clipboard issues (#11724)
  * kerberos: do various tries for TGT retrieval in u2u (#11723)
  * Cmdline escape strings (#11735)
  * [winpr,utils] do not log command line arguments (#11736)
  * [api,doc] Add stylesheet for doxygen (#11738)
  * [core,proxy] fix BIO read methods (#11739)
  * [client,common] fix sso_mib_get_access_token return value in error case (#11741)
  * [crypto,tls] do not use context->settings->instance (#11749)
  * winpr: re-introduce the credentials module (#11734)
  * [winpr,timezone] ensure thread-safe initialization (#11754)
  * core/redirection: Ensure stream has enough space for the certificate (#11762)
  * [client,common] do not log success (#11766)
  * Clean up bugs exposed on systems with high core counts (#11761)
  * [cmake] add installWithRPATH (#11747)
  * [clang-tidy] fix various warnings (#11769)
  * Wlog improve type checks (#11774)
  * [client,common] fix tenantid command line parsing (#11779)
  * Proxy module static and shared linking support (#11768)
  * LoadLibrary Null fix (#11786)
  * [client,common] add freerdp_client_populate_settings_from_rdp_file_un… (#11780)
  * Fullchain support (#11787)
  * [client,x11] ignore floatbar events (#11771)
  * [winpr,credentials] prefer utf-8 over utf-16-LE #11790
  * [proxy,modules] ignore bitmap-filter skip remaining #11789
- Update to 3.16.0:
  * Lots of improvements for the SDL3 client
  * Various X11 client improvements
  * Add a timer implementation
  * Various AAD/Azure/Entra improvements
  * YUV420 primitives fixes
- Update to 3.15.0:
  * [client,sdl] fix crash on suppress output
  * [channels,remdesk] fix possible memory leak
  * [client,x11] map exit code success
  * Hidef rail checks and deprecation fixes
  * Standard rdp security network issues
  * [core,rdp] fix check for SEC_FLAGSHI_VALID
  * [core,caps] fix rdp_apply_order_capability_set
  * [core,proxy] align no_proxy to curl
  * [core,gateway] fix string reading for TSG
  * [client,sdl] refactor display update
- Update to version 3.14.0:
  + Bugfix and cleanup release. Due to some new API functions the minor
    version has been increased.
- Changes from version 3.13.0:
  + Friends of old hardware rejoice, serial port redirection got an
    update (not kidding you)
  + Android builds have been updated to be usable again
  + Mingw builds now periodically do a shared and static build
  + Fixed some bugs and regressions along the way and improved test
    coverage as well
- Changes from version 3.12.0:
  + Multimonitor backward compatibility fixes
  + Smartcard compatibility
  + Improve the [MS-RDPECAM] support
  + Improve smartcard redirection support
  + Refactor SSE optimizations: Split headers, unify load/store, require
    SSE3 for all optimized functions
  + Refactors the CMake build to better support configuration based builders
  + Fix a few regressions from last release (USB redirection and
    graphical glitches)
- Changes from version 3.11.0:
  + A new release with bugfixes and code cleanups as well as a few nifty
    little features
- CVE-2024-22211: In affected versions an integer overflow in
  `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow.
  (bsc#1219049)
- CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap
  Codec in FreeRDP based clients (bsc#1223353)
- Multiple CVE fixes
  + CVE-2024-32659: Fixed out-of-bounds read if
    `((nWidth == 0) and (nHeight == 0))` (bsc#1223346)
  + CVE-2024-32660: Fixed client crash via invalid huge allocation size
    (bsc#1223347)
  + CVE-2024-32661: Fixed client NULL pointer dereference (bsc#1223348)
- Multiple CVE fixes:
  * bsc#1223293, CVE-2024-32039
  * bsc#1223294, CVE-2024-32040
  * bsc#1223295, CVE-2024-32041
  * bsc#1223296, CVE-2024-32458
  * bsc#1223297, CVE-2024-32459
  * bsc#1223298, CVE-2024-32460
  * Fix CVE-2023-40574 - bsc#1214869: Out-Of-Bounds Write in
    general_YUV444ToRGB_8u_P3AC4R_BGRX
  * Fix CVE-2023-40575 - bsc#1214870: Out-Of-Bounds Read in
    general_YUV444ToRGB_8u_P3AC4R_BGRX
  * Fix CVE-2023-40576 - bsc#1214871: Out-Of-Bounds Read in RleDecompress

Patch instructions:

To install this openSUSE security update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  - openSUSE Leap 16.0

    zypper in -t patch openSUSE-Leap-16.0-368=1

Package List:

  - openSUSE Leap 16.0:

    freerdp-3.22.0-160000.1.1
    freerdp-devel-3.22.0-160000.1.1
    freerdp-proxy-3.22.0-160000.1.1
    freerdp-proxy-plugins-3.22.0-160000.1.1
    freerdp-sdl-3.22.0-160000.1.1
    freerdp-server-3.22.0-160000.1.1
    freerdp-wayland-3.22.0-160000.1.1
    libfreerdp-server-proxy3-3-3.22.0-160000.1.1
    libfreerdp3-3-3.22.0-160000.1.1
    librdtk0-0-3.22.0-160000.1.1
    libuwac0-0-3.22.0-160000.1.1
    libwinpr3-3-3.22.0-160000.1.1
    rdtk0-devel-3.22.0-160000.1.1
    uwac0-devel-3.22.0-160000.1.1
    winpr-devel-3.22.0-160000.1.1