Explore top 10 tips to secure your open-source projects now. Read More
×
Update to 3.29.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a9bfa4361b 2026-07-17 00:51:59.635506+00:00 -------------------------------------------------------------------------------- Name : freerdp Product : Fedora 44 Version : 3.29.0 Release : 1.fc44 URL : http://www.freerdp.com/ Summary : Free implementation of the Remote Desktop Protocol (RDP) Description : The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox. -------------------------------------------------------------------------------- Update Information: Update to 3.29.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 15 2026 Ondrej Holy - 2:3.29.0-1 - Update to 3.29.0 Resolves: rhbz#2499994 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2499994 - freerdp-3.29.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2499994 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a9bfa4361b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to 3.28.0 It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-931f893f1b 2026-07-15 01:03:58.675206+00:00 -------------------------------------------------------------------------------- Name : freerdp Product : Fedora 44 Version : 3.28.0 Release : 1.fc44 URL : http://www.freerdp.com/ Summary : Free implementation of the Remote Desktop Protocol (RDP) Description : The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox. -------------------------------------------------------------------------------- Update Information: Update to 3.28.0 It fixes CVE-2026-57156, CVE-2026-57157 and CVE-2026-57158. -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 13 2026 Ondrej Holy - 2:3.28.0-1 - Update to 3.28.0 (CVE-2026-57156, CVE-2026-57157, CVE-2026-57158) Resolves: rhbz#2497324 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2499199 - CVE-2026-57158 freerdp: FreeRDP: Information disclosure via truncated RDPGFX planar payload [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499199 [ 2 ] Bug #2499200 - CVE-2026-57157 freerdp: FreeRDP: Out-of-bounds read leads to information disclosure and denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499200 [ 3 ] Bug #2499226 - CVE-2026-57156 freerdp: FreeRDP: Arbitrary code execution or denial of service via integer overflow in RDP message processing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2499226 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnfupgrade --advisory FEDORA-2026-931f893f1b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-38501 http://linux.oracle.com/errata/ELSA-2026-38501.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: freerdp-2.11.7-10.el8_10.x86_64.rpm freerdp-devel-2.11.7-10.el8_10.i686.rpm freerdp-devel-2.11.7-10.el8_10.x86_64.rpm freerdp-libs-2.11.7-10.el8_10.i686.rpm freerdp-libs-2.11.7-10.el8_10.x86_64.rpm libwinpr-2.11.7-10.el8_10.i686.rpm libwinpr-2.11.7-10.el8_10.x86_64.rpm libwinpr-devel-2.11.7-10.el8_10.i686.rpm libwinpr-devel-2.11.7-10.el8_10.x86_64.rpm aarch64: freerdp-2.11.7-10.el8_10.aarch64.rpm freerdp-devel-2.11.7-10.el8_10.aarch64.rpm freerdp-libs-2.11.7-10.el8_10.aarch64.rpm libwinpr-2.11.7-10.el8_10.aarch64.rpm libwinpr-devel-2.11.7-10.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/freerdp-2.11.7-10.el8_10.src.rpm Related CVEs: CVE-2026-45700 Description of changes: [2:2.11.7-10] - Fix incorrect bounds checks in planar codec (CVE-2026-45700) Resolves: RHEL-186983 _______________________________________________ El-errata mailing list
Important: freerdp security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:38501", "synopsis": "Important: freerdp security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for freerdp.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nSecurity Fix(es):\n\n* freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution (CVE-2026-45700)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2483470", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2483470", "description": ""}], "cves": [{"name": "CVE-2026-45700", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45700", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-07-14T06:00:51.502823Z", "rpms": {"Rocky Linux 8": {"nvras": ["freerdp-2:2.11.7-10.el8_10.aarch64.rpm", "freerdp-2:2.11.7-10.el8_10.src.rpm", "freerdp-2:2.11.7-10.el8_10.x86_64.rpm", "freerdp-debuginfo-2:2.11.7-10.el8_10.aarch64.rpm", "freerdp-debuginfo-2:2.11.7-10.el8_10.i686.rpm", "freerdp-debuginfo-2:2.11.7-10.el8_10.x86_64.rpm", "freerdp-debugsource-2:2.11.7-10.el8_10.aarch64.rpm", "freerdp-debugsource-2:2.11.7-10.el8_10.i686.rpm", "freerdp-debugsource-2:2.11.7-10.el8_10.x86_64.rpm", "freerdp-devel-2:2.11.7-10.el8_10.aarch64.rpm","freerdp-devel-2:2.11.7-10.el8_10.i686.rpm", "freerdp-devel-2:2.11.7-10.el8_10.x86_64.rpm", "freerdp-libs-2:2.11.7-10.el8_10.aarch64.rpm", "freerdp-libs-2:2.11.7-10.el8_10.i686.rpm", "freerdp-libs-2:2.11.7-10.el8_10.x86_64.rpm", "freerdp-libs-debuginfo-2:2.11.7-10.el8_10.aarch64.rpm", "freerdp-libs-debuginfo-2:2.11.7-10.el8_10.i686.rpm", "freerdp-libs-debuginfo-2:2.11.7-10.el8_10.x86_64.rpm", "libwinpr-2:2.11.7-10.el8_10.aarch64.rpm", "libwinpr-2:2.11.7-10.el8_10.i686.rpm", "libwinpr-2:2.11.7-10.el8_10.x86_64.rpm", "libwinpr-debuginfo-2:2.11.7-10.el8_10.aarch64.rpm", "libwinpr-debuginfo-2:2.11.7-10.el8_10.i686.rpm", "libwinpr-debuginfo-2:2.11.7-10.el8_10.x86_64.rpm", "libwinpr-devel-2:2.11.7-10.el8_10.aarch64.rpm", "libwinpr-devel-2:2.11.7-10.el8_10.i686.rpm", "libwinpr-devel-2:2.11.7-10.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux has released an important freerdp update to address a critical security issue that may allow arbitrary code execution.. Rocky Linux, freerdp, security update, buffer overflow, arbitrary code execution. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-37207 http://linux.oracle.com/errata/ELSA-2026-37207.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: freerdp-2.11.7-7.el9_8.4.x86_64.rpm freerdp-devel-2.11.7-7.el9_8.4.i686.rpm freerdp-devel-2.11.7-7.el9_8.4.x86_64.rpm freerdp-libs-2.11.7-7.el9_8.4.i686.rpm freerdp-libs-2.11.7-7.el9_8.4.x86_64.rpm libwinpr-2.11.7-7.el9_8.4.i686.rpm libwinpr-2.11.7-7.el9_8.4.x86_64.rpm libwinpr-devel-2.11.7-7.el9_8.4.i686.rpm libwinpr-devel-2.11.7-7.el9_8.4.x86_64.rpm aarch64: freerdp-2.11.7-7.el9_8.4.aarch64.rpm freerdp-devel-2.11.7-7.el9_8.4.aarch64.rpm freerdp-libs-2.11.7-7.el9_8.4.aarch64.rpm libwinpr-2.11.7-7.el9_8.4.aarch64.rpm libwinpr-devel-2.11.7-7.el9_8.4.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/freerdp-2.11.7-7.el9_8.4.src.rpm Related CVEs: CVE-2026-45700 Description of changes: [2:2.11.7-7.4] - Fix incorrect bounds checks in planar codec (CVE-2026-45700) Resolves: RHEL-186991 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-20546 http://linux.oracle.com/errata/ELSA-2026-20546.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: freerdp-2.1.1-5.0.9.el7_9.x86_64.rpm freerdp-devel-2.1.1-5.0.9.el7_9.i686.rpm freerdp-devel-2.1.1-5.0.9.el7_9.x86_64.rpm freerdp-libs-2.1.1-5.0.9.el7_9.i686.rpm freerdp-libs-2.1.1-5.0.9.el7_9.x86_64.rpm libwinpr-2.1.1-5.0.9.el7_9.i686.rpm libwinpr-2.1.1-5.0.9.el7_9.x86_64.rpm libwinpr-devel-2.1.1-5.0.9.el7_9.i686.rpm libwinpr-devel-2.1.1-5.0.9.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/freerdp-2.1.1-5.0.9.el7_9.src.rpm Related CVEs: CVE-2026-25952 CVE-2026-26986 CVE-2026-27951 CVE-2026-29775 CVE-2026-31883 CVE-2026-31884 CVE-2026-31885 CVE-2026-33985 Description of changes: [2.1.1-5.0.9] - Fixed CVE-2026-25952 CVE-2026-26986 CVE-2026-27951 CVE-2026-29775 CVE-2026-31883 CVE-2026-31884 CVE-2026-31885 CVE-2026-33985 [Orabug: 39440279] [2.1.1-5.0.7] - Fixed CVE-2026-22852 CVE-2026-22854 CVE-2026-22856 CVE-2026-23732 CVE-2026-23948 CVE-2026-24491 CVE-2026-24675 CVE-2026-24676 CVE-2026-24679 CVE-2026-24684 CVE-2026-31806 [Orabug: 39272429] [2.1.1-5.0.5] - Fixed CVE-2026-26955 CVE-2026-26956 [Orabug: 39189643] [2:2.2.0-5.0.3] - Fixed CVE-2026-22855 CVE-2026-22858 CVE-2026-22859 [Orabug: 39075086] [2:2.2.0-5.0.1] - fixed CVE-2026-23530 CVE-2026-23531 CVE-2026-23532 CVE-2026-23533 CVE-2026-23884 [Orabug: 38971897] [2:2.2.0-5] - Update: Refactored RPC gateway parser (rhbz#2017944) + fix issues discovered by Covscan [2:2.2.0-4] - Refactored RPC gateway parser (rhbz#2017944) [2.1.1-3] - Add checks for bitmap and glyph width/heigth values (rhbz#2017951) [2.1.1-2] - Update to 2.1.1 (#1834286) [2.0.0-4.rc4] - CVE-2020-11521: Fix out-of-bounds write in planar.c (#1837621) - CVE-2020-11523: Fix integer overflow in region.c (#1837622) - CVE-2020-11524: Fix out-of-boundswrite in interleaved.c (#1837623) _______________________________________________ El-errata mailing list
An update that solves 11 vulnerabilities and has 12 bug fixes can now be installed.. openSUSE security update: security update for freerdp ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21116-1 Rating: important References: * bsc#1174200 * bsc#1261217 * bsc#1261222 * bsc#1261223 * bsc#1261226 * bsc#1261227 * bsc#1262743 * bsc#1266317 * bsc#1267008 * bsc#1267009 * bsc#1267010 * bsc#1267011 Cross-References: * CVE-2026-33982 * CVE-2026-33985 * CVE-2026-33986 * CVE-2026-33987 * CVE-2026-33995 * CVE-2026-40033 * CVE-2026-40254 * CVE-2026-44420 * CVE-2026-44421 * CVE-2026-44422 * CVE-2026-45700 CVSS scores: * CVE-2026-33982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-33985 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L * CVE-2026-33985 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-33986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-33987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-33995 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-40033 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-40033 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-40254 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-40254 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-44420 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44421 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-44422 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-45700 ( SUSE ): 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-45700 ( SUSE ): 7.7CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 11 vulnerabilities and has 12 bug fixes can now be installed. Description: This update for freerdp fixes the following issues Update to version 3.26.0: - CVE-2026-33982: heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc() (bsc#1261222). - CVE-2026-33985: FreeRDP: Information disclosure via heap memory out of bounds read (bsc#1261217). - CVE-2026-33986: heap OOB write due to H.264 YUV buffer dimension desync (bsc#1261223). - CVE-2026-33987: heap OOB write due to persistent cache bmpSize desync (bsc#1261226). - CVE-2026-33995: double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (bsc#1261227). - CVE-2026-40033: heap buffer overflow in `gdi_CacheToSurface` allows attackers to cause a denial of service or achieve remote execute code (bsc#1266317). - CVE-2026-40254: off-by-one in contains_dotdot() allows drive channel path traversal (bsc#1262743). - CVE-2026-44420: Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server- side clipboard (cliprdr) channel (bsc#1267008). - CVE-2026-44421: Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs (bsc#1267009). - CVE-2026-44422: Prior to 3.26.0, a malicious-server-triggerable heap use-after-free / double-free in the FreeRDP client's RDPEAR authentication-redirection path exists (bsc#1267010). - CVE-2026-45700: n attacker can bypass the check with a large nDstStep and a large nXDst, causing planar_decompress_plane_rle() to write past the end of pTempData (bsc#1267011). Changes: * cmake: Findyuv: Use correct pkgconfig name(#12666) * Remove deallocator attribute from rfx_message_free (#12681) * [winpr,utils] improve winpr/ntlm.h (#12677) * rdpecam-v4l: stop the capture thread when streaming is cleared (#12690) * fix(winpr,ncrypt): support PIV retired key slots for smartcard logon (#12684) * [core,instance] fix deprecation guards (#12691) * [ci,alt-arch] enable internal MD4, MD5 and RC4 (#12692) * Add VideoToolbox H.264 support for ffmpeg (#12694) * [client,common] add /args-from:file: syntax (#12697) * [ci,freebsd] update freebsd builds (#12698, #12700, #12701, #12702) * [client, android] UI modernization, SQLCipher and more (#12685, #12686, #12687, #12730, * #12731, #12736, #12737, #12688) * [cmake,deps] use alias target for sso-mib (#12706) * [core,settings] add auto reconnect triggered flag (#12709) * Force YUV420P when videotoolbox is used (#12711) * Release cleanups (#12712) * [gdi,gfx] fix bounds checks and proxy unit tests (#12713) * Improved input checks (#12714) * [winpr,utils] add unit tests for command line parser (#12716) * Cmdline fixes (#12717) * [codec,planar] fix bounds checks (#12718) * [client,common] add freerdp_client_settings_parse_command_line_argume... (#12724) * [winpr,sspi] clean up ntlm code (#12732) * Experimental AV1 support has been added. This currently works only with FreeRDP based servers. * Most notably there is now support for [MS-RDPEWA] (FIDO2 redirection) * Android client received a (small) facelift * Improved SDL3 client drawing performance * Console output support for SDL3 (windows) and windows native client * RDP proxy now supports NSCodec and RFX modes. * RDP PRoxy now has smartcard emulation and SAM file support (via config file) * Smartcard KSP support for NLA authentication * [winpr,wlog] add WLog_SetGlobalPrefix (#12497) * [channels,video] fix wrong cast (#12511) * [codec,openh264] reject encoder ABI mismatch on runtime-loaded library (#12510) * [client,sdl] create a copy of rdpPointer (#12512) * [codec,video] properly pass intermediate format(#12518) * [utils, signal] lazily initialize Windows CRITICAL_SECTION to match POSIX static mutex behavior (#12520) * winpr: improve libunwind backtraces (#12530) * [server,shadow] remember selected caps (#12528) * Zero credential data before free in NLA and NTLM context (#12532) * [server,proxy] ignore missing client in input channel (#12536) * [server,proxy] ignore rdpdr messages (#12537) * [winpr,sspi] improve kerberos logging (#12538) * Codec fixes (#12542) * [winpr,sspi] Fix context nullptr handling (#12543) * Dev 3.24.3 dev0 (#12545) * Fix memory leak in gdi_create_bitmap() on gdi_CreateBitmap failure (libfreerdp/gdi/graphics.c) (#12547) * Fix memory leak in vgids_read_do_fkt() on Stream_New failure (libfreerdp/emu/scard/smartcard_virtual_gids.c) (#12548) * Proxy config improve (#12549) * Proxy config improve (#12550) * [client,sdl] clamp cursor hotspot (#12553) * RFC: Research/av1 codec extension (#12527) * [winpr,kerberos] fix krb_log_context_encryption (#12555) * [client,sdl] fix global init return check (#12558) * Fix remote credential with windows11h2 (#12560) * Proxy scard auth improvements (#12561) * [winpr,sspi] guard krb5_get_etype_info (#12562) * [utils,smartcard] fix STATUS_BUFFER_TOO_SMALL (#12564) * [client,common] do not manipulate security settings for smartcard-logon (#12567) * [channels,audin] fix regression for microphone (#12570) * [client,sdl] add SDL_KMOD_MODE and SDL_KMOD_LEVEL5 (#12569) * Fix unbound strlen on slotDescription (#12571) * build: Update FindFFmpeg.cmake to support Apple frameworks with 'lib' prefix (#12565) * [channels,rdpewa] add WebAuthn virtual channel support (#12572) * [core] fix freerdp_get_nla_sspi_error always returning 0 on client (#12574) * [ci] enable rdpewa channel (#12576) * small refactoring (#12578) * Rdpewa unify notifications (#12581) * [client,sdl] fix crash when clicking 'cancel' on PIN popup (#12580) * [channels,drive] refine bounds checks (#12584) * fix: smartcard logon with ECC keys and minidriver-assignedcontainer names (#12585) * Various papercuts (#12583) * fix: console output on Windows client (#12573) * [winpr,crt] dump stack on aligned memory errors (#12588) * [client,x11] keep scancode input for Ctrl/Alt/Super combinations in /kbd:unicode mode (#12590) * [codec,progressive] fix underflow guard in progressive_rfx_quant_sub (#12592) * fix: wfreerdp floatbar visibility (#12594) * [winpr,json] return a copy from WINPR_JSON_Print* (#12595) * [client,sdl] drop WITH_DEBUG_SDL_EVENTS (#12599) * Ncrypt and asn1 cleanup (#12604) * Video channel fix (#12593) * [codec,h264] fix media foundation backend (#12606) * fix(sdl): detect Hyprland and river in tryFallback() (#12608) * Proxy stress fixes (#12597) * Add new fuzzer tests (#12613) * fix(sdl): use SDL_Renderer instead of software surfaces (#12607) * fix(sdl): BFS neighbor walk pop/begin mismatch in addOrUpdateDisplay (#12614) * fix(sdl): promote first monitor as primary when subset excludes primary (#12618) * [ci,android] default to only aarch64 (#12622) * Fix process exit code on non-pidfd platforms (macOS, BSD)#12534) (#12586) * warning cleanups (#12626) * fix: prevent PostQuitMessage in RemoteApp WM_DESTROY handler (#12629) * [winpr,ntlm] fix message cleanup across the SSPI lifecycle (#12609) * Code bug fixes (#12632) * Oss fixes (#12633) * [client,android] add an option to enable keeping screen on when connected (#12630) * [client, android] Fix layout overlaps, migrate to AndroidX, and update UI components (#12628) * Proxy config tests (#12636) * Proxy config optional targethost (#12637) * [client,sdl] set SDL_HINT_SCREENSAVER_INHIBIT_ACTIVITY_NAME (#12639) * Nightly deb fix (#12640, #12641, #12649, #12650, #12642, #12643) * [winpr,input] fix korean keyboard mapping (#12646) * [client,sdl] set hints before SDL_Init (#12644) * Sdl inhibit option (#12647) * [client,X11] fix residual race in xf_clipboard_formats_free (#12648) * (sdl3): Fix oversized window on HiDPI Wayland (#12635) * [cache,bitmap] fix off-by-one inbitmap_cache_put bounds check (#12651) * [winpr,sspi] free fields buffer immediately (#12654) * [codec,dsp] fix fencepost error in dsp_ima_clamp_step (#12655) * RDPECAM MJPEG support * Support for FDK-AAC for sound and microphone redirection * Support timezones as JSON resources * Rely preferably on pkgconfig to pull devel packages instead of * A new option /cert that unifies all certificate related options (gh#FreeRDP/FreeRDP#5880) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-981=1 Package List: - openSUSE Leap 16.0: freerdp-3.26.0-160000.1.1 freerdp-devel-3.26.0-160000.1.1 freerdp-proxy-3.26.0-160000.1.1 freerdp-proxy-plugins-3.26.0-160000.1.1 freerdp-sdl-3.26.0-160000.1.1 freerdp-server-3.26.0-160000.1.1 freerdp-wayland-3.26.0-160000.1.1 libfreerdp-server-proxy3-3-3.26.0-160000.1.1 libfreerdp3-3-3.26.0-160000.1.1 librdtk0-0-3.26.0-160000.1.1 libuwac0-0-3.26.0-160000.1.1 libwinpr3-3-3.26.0-160000.1.1 rdtk0-devel-3.26.0-160000.1.1 uwac0-devel-3.26.0-160000.1.1 winpr-devel-3.26.0-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-33982.html * https://www.suse.com/security/cve/CVE-2026-33985.html * https://www.suse.com/security/cve/CVE-2026-33986.html * https://www.suse.com/security/cve/CVE-2026-33987.html * https://www.suse.com/security/cve/CVE-2026-33995.html * https://www.suse.com/security/cve/CVE-2026-40033.html * https://www.suse.com/security/cve/CVE-2026-40254.html * https://www.suse.com/security/cve/CVE-2026-44420.html * https://www.suse.com/security/cve/CVE-2026-44421.html * https://www.suse.com/security/cve/CVE-2026-44422.html * https://www.suse.com/security/cve/CVE-2026-45700.html . openSUSE's freerdp update addresses critical issues, enhancing security against various exploits andvulnerabilities.. openSUSE security update freerdp important bug fixes. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19349 http://linux.oracle.com/errata/ELSA-2026-19349.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: freerdp-2.11.7-7.el9_8.3.x86_64.rpm freerdp-devel-2.11.7-7.el9_8.3.i686.rpm freerdp-devel-2.11.7-7.el9_8.3.x86_64.rpm freerdp-libs-2.11.7-7.el9_8.3.i686.rpm freerdp-libs-2.11.7-7.el9_8.3.x86_64.rpm libwinpr-2.11.7-7.el9_8.3.i686.rpm libwinpr-2.11.7-7.el9_8.3.x86_64.rpm libwinpr-devel-2.11.7-7.el9_8.3.i686.rpm libwinpr-devel-2.11.7-7.el9_8.3.x86_64.rpm aarch64: freerdp-2.11.7-7.el9_8.3.aarch64.rpm freerdp-devel-2.11.7-7.el9_8.3.aarch64.rpm freerdp-libs-2.11.7-7.el9_8.3.aarch64.rpm libwinpr-2.11.7-7.el9_8.3.aarch64.rpm libwinpr-devel-2.11.7-7.el9_8.3.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/freerdp-2.11.7-7.el9_8.3.src.rpm Related CVEs: CVE-2026-33983 CVE-2026-33984 Description of changes: [2:2.11.7-7.3] - Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952) Resolves: RHEL-159860 [2:2.11.7-7.2] - Fix double free in xf_rail_window_common cleanup (CVE-2026-26986) - Fix growth of preallocated buffers (CVE-2026-27951) - Fix heap-buffer-overflow in bitmap_cache_put (CVE-2026-29775) - Add DSP format checks (CVE-2026-31884) - Fix DSP array bounds checks (CVE-2026-31883) - Fix DSP array bounds checks (CVE-2026-31885) - Update CLEAR_GLYPH_ENTRY::count after alloc (CVE-2026-33985) Resolves: RHEL-159816, RHEL-155478, RHEL-161047, RHEL-161482 Resolves: RHEL-161519, RHEL-161085, RHEL-168463 [2:2.11.7-7.1] - Update CLEAR_VBAR_ENTRY size after alloc (CVE-2026-33984) - Fail progressive_rfx_quant_sub on invalid values (CVE-2026-33983) Resolves: RHEL-163097, RHEL-163113 _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.