Important: freerdp security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:3068", "synopsis": "Important: freerdp security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for freerdp.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22855)\n\n* freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22853)\n\n* freerdp: FreeRDP global-buffer-overflow (CVE-2026-22858)\n\n* freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22859)\n\n* freerdp: FreeRDP: Denial of Service via use after free in ecam_channel_write (CVE-2026-24678)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2429653", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2429653", "description": ""}, {"ticket": "2429649", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2429649", "description": ""}, {"ticket": "2429647", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2429647", "description": ""}, {"ticket": "2438197", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2438197", "description": ""}, {"ticket": "2429645", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2429645", "description": ""}], "cves": [{"name": "CVE-2026-22853", "sourceBy": "MITRE", "sourceLink":"https://www.cve.org/CVERecord?id=CVE-2026-22853", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.1", "cwe": "CWE-787"}, {"name": "CVE-2026-22855", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-22855", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss3BaseScore": "7.4", "cwe": "CWE-125"}, {"name": "CVE-2026-22858", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-22858", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss3BaseScore": "7.4", "cwe": "CWE-787"}, {"name": "CVE-2026-22859", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-22859", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "cvss3BaseScore": "7.4", "cwe": "CWE-125"}, {"name": "CVE-2026-24678", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-24678", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cvss3BaseScore": "5.3", "cwe": "CWE-825"}], "references": [], "publishedAt": "2026-02-24T18:56:34.668877Z", "rpms": {"Rocky Linux 10": {"nvras": ["freerdp-libs-2:3.10.3-5.el10_1.2.s390x.rpm", "libwinpr-debuginfo-2:3.10.3-5.el10_1.2.ppc64le.rpm", "freerdp-devel-2:3.10.3-5.el10_1.2.x86_64.rpm", "freerdp-server-debuginfo-2:3.10.3-5.el10_1.2.aarch64.rpm", "freerdp-debuginfo-2:3.10.3-5.el10_1.2.aarch64.rpm", "freerdp-devel-2:3.10.3-5.el10_1.2.s390x.rpm", "freerdp-debugsource-2:3.10.3-5.el10_1.2.x86_64.rpm", "freerdp-libs-2:3.10.3-5.el10_1.2.ppc64le.rpm", "libwinpr-2:3.10.3-5.el10_1.2.s390x.rpm", "freerdp-debugsource-2:3.10.3-5.el10_1.2.ppc64le.rpm", "libwinpr-devel-2:3.10.3-5.el10_1.2.ppc64le.rpm", "freerdp-devel-2:3.10.3-5.el10_1.2.ppc64le.rpm", "freerdp-server-debuginfo-2:3.10.3-5.el10_1.2.s390x.rpm", "freerdp-2:3.10.3-5.el10_1.2.x86_64.rpm", "freerdp-2:3.10.3-5.el10_1.2.s390x.rpm", "freerdp-libs-debuginfo-2:3.10.3-5.el10_1.2.aarch64.rpm", "freerdp-libs-debuginfo-2:3.10.3-5.el10_1.2.s390x.rpm","freerdp-debuginfo-2:3.10.3-5.el10_1.2.ppc64le.rpm", "libwinpr-2:3.10.3-5.el10_1.2.ppc64le.rpm", "freerdp-2:3.10.3-5.el10_1.2.aarch64.rpm", "freerdp-server-debuginfo-2:3.10.3-5.el10_1.2.x86_64.rpm", "freerdp-server-2:3.10.3-5.el10_1.2.ppc64le.rpm", "freerdp-server-debuginfo-2:3.10.3-5.el10_1.2.ppc64le.rpm", "freerdp-2:3.10.3-5.el10_1.2.ppc64le.rpm", "libwinpr-debuginfo-2:3.10.3-5.el10_1.2.aarch64.rpm", "freerdp-2:3.10.3-5.el10_1.2.src.rpm", "freerdp-server-2:3.10.3-5.el10_1.2.x86_64.rpm", "libwinpr-2:3.10.3-5.el10_1.2.aarch64.rpm", "libwinpr-devel-2:3.10.3-5.el10_1.2.s390x.rpm", "libwinpr-debuginfo-2:3.10.3-5.el10_1.2.x86_64.rpm", "freerdp-server-2:3.10.3-5.el10_1.2.s390x.rpm", "libwinpr-devel-2:3.10.3-5.el10_1.2.x86_64.rpm", "libwinpr-2:3.10.3-5.el10_1.2.x86_64.rpm", "freerdp-libs-2:3.10.3-5.el10_1.2.x86_64.rpm", "freerdp-debugsource-2:3.10.3-5.el10_1.2.s390x.rpm", "freerdp-libs-debuginfo-2:3.10.3-5.el10_1.2.ppc64le.rpm", "freerdp-debugsource-2:3.10.3-5.el10_1.2.aarch64.rpm", "libwinpr-debuginfo-2:3.10.3-5.el10_1.2.s390x.rpm", "libwinpr-devel-2:3.10.3-5.el10_1.2.aarch64.rpm", "freerdp-devel-2:3.10.3-5.el10_1.2.aarch64.rpm", "freerdp-server-2:3.10.3-5.el10_1.2.aarch64.rpm", "freerdp-libs-debuginfo-2:3.10.3-5.el10_1.2.x86_64.rpm", "freerdp-debuginfo-2:3.10.3-5.el10_1.2.s390x.rpm", "freerdp-debuginfo-2:3.10.3-5.el10_1.2.x86_64.rpm", "freerdp-libs-2:3.10.3-5.el10_1.2.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux freerdp security advisory focuses on crucial updates addressing potential heap overflow issues.. freerdp update, Rocky Linux 10, important security fixes. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.