<div class="container">
    <h1>Security update for freerdp</h1>

    <table class="table table-striped table-bordered">
        <tbody>
        <tr>
            <th>Announcement ID:</th>
            <td>SUSE-SU-2026:22194-1</td>
        </tr>
        <tr>
            <th>Release Date:</th>
            <td>2026-06-20T06:54:39Z</td>
        </tr>
        
        <tr>
            <th>Rating:</th>
            <td>important</td>
        </tr>
        <tr>
            <th>References:</th>
            <td>
                <ul>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1174200">bsc#1174200</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1261217">bsc#1261217</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1261222">bsc#1261222</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1261223">bsc#1261223</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1261226">bsc#1261226</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1261227">bsc#1261227</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1262743">bsc#1262743</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1266317">bsc#1266317</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1267008">bsc#1267008</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1267009">bsc#1267009</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1267010">bsc#1267010</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1267011">bsc#1267011</a>
                        </li>
                    
                    
                </ul>
            </td>
        </tr>
        
            <tr>
                <th>
                    Cross-References:
                </th>
                <td>
                    <ul>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-33982.html">CVE-2026-33982</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-33985.html">CVE-2026-33985</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-33986.html">CVE-2026-33986</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-33987.html">CVE-2026-33987</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-33995.html">CVE-2026-33995</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-40033.html">CVE-2026-40033</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-40254.html">CVE-2026-40254</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-44420.html">CVE-2026-44420</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-44421.html">CVE-2026-44421</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-44422.html">CVE-2026-44422</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2026-45700.html">CVE-2026-45700</a>
                        </li>
                    
                    </ul>
                </td>
            </tr>
            <tr>
                <th>CVSS scores:</th>
                <td>
                    <ul class="list-group">
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33982</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33982</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.1</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33982</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.1</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33985</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.9</span>
                                <span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33985</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.9</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33985</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.1</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33985</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.9</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33986</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33986</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33987</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33987</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.1</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33987</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.6</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33995</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-33995</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.3</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-40033</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">9.2</span>
                                <span class="cvss-vector">CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-40033</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.1</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-40033</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.7</span>
                                <span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-40033</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-40254</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">2.1</span>
                                <span class="cvss-vector">CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-40254</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">4.2</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-40254</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.1</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-40254</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">4.2</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-44420</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-44420</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-44421</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-44421</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-44422</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-44422</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-44422</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-45700</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.7</span>
                                <span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-45700</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.0</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-45700</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.7</span>
                                <span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2026-45700</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">9.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                    </ul>
                </td>
            </tr>
        
        <tr>
            <th>Affected Products:</th>
            <td>
                <ul class="list-group">
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 16.0</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server for SAP applications 16.0</li>
                    
                </ul>
            </td>
        </tr>
        </tbody>
    </table>

    <p>An update that solves 11 vulnerabilities and has one fix can now be installed.</p>

    


    
        <h2>Description:</h2>
    
    <p>This update for freerdp fixes the following issues</p>
<p>Update to version 3.26.0:</p>
<ul>
<li>CVE-2026-33982: heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in
  winpr_aligned_offset_recalloc() (bsc#1261222).</li>
<li>CVE-2026-33985: FreeRDP: Information disclosure via heap memory out of bounds read (bsc#1261217).</li>
<li>CVE-2026-33986: heap OOB write due to H.264 YUV buffer dimension desync (bsc#1261223).</li>
<li>CVE-2026-33987: heap OOB write due to persistent cache bmpSize desync (bsc#1261226).</li>
<li>CVE-2026-33995: double-free vulnerability in kerberos_AcceptSecurityContext() and
  kerberos_InitializeSecurityContextA() (bsc#1261227).</li>
<li>CVE-2026-40033: heap buffer overflow in <code>gdi_CacheToSurface</code> allows attackers to cause a denial of service or achieve
  remote execute code (bsc#1266317).</li>
<li>CVE-2026-40254: off-by-one in contains_dotdot() allows drive channel path traversal (bsc#1262743).</li>
<li>CVE-2026-44420: Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP&#x27;s server-
  side clipboard (cliprdr) channel (bsc#1267008).</li>
<li>CVE-2026-44421: Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client
  by sending crafted RDPGFX PDUs (bsc#1267009).</li>
<li>CVE-2026-44422: Prior to 3.26.0, a malicious-server-triggerable heap use-after-free / double-free in the FreeRDP
  client&#x27;s RDPEAR authentication-redirection path exists (bsc#1267010).</li>
<li>CVE-2026-45700: n attacker can bypass the check with a large nDstStep and a large nXDst, causing
  planar_decompress_plane_rle() to write past the end of pTempData (bsc#1267011).</li>
</ul>
<p>Changes:</p>
<ul>
<li>cmake: Findyuv: Use correct pkgconfig name (#12666)</li>
<li>Remove deallocator attribute from rfx_message_free (#12681)</li>
<li>[winpr,utils] improve winpr/ntlm.h (#12677)</li>
<li>rdpecam-v4l: stop the capture thread when streaming is cleared (#12690)</li>
<li>fix(winpr,ncrypt): support PIV retired key slots for smartcard logon (#12684)</li>
<li>[core,instance] fix deprecation guards (#12691)</li>
<li>[ci,alt-arch] enable internal MD4, MD5 and RC4 (#12692)</li>
<li>Add VideoToolbox H.264 support for ffmpeg (#12694)</li>
<li>[client,common] add /args-from:file: syntax (#12697)</li>
<li>[ci,freebsd] update freebsd builds (#12698, #12700, #12701, #12702)</li>
<li>[client, android] UI modernization, SQLCipher and more (#12685, #12686, #12687, #12730,</li>
<li>
<h1>12731, #12736, #12737, #12688)</h1>
</li>
<li>[cmake,deps] use alias target for sso-mib (#12706)</li>
<li>[core,settings] add auto reconnect triggered flag (#12709)</li>
<li>Force YUV420P when videotoolbox is used (#12711)</li>
<li>Release cleanups (#12712)</li>
<li>[gdi,gfx] fix bounds checks and proxy unit tests (#12713)</li>
<li>Improved input checks (#12714)</li>
<li>[winpr,utils] add unit tests for command line parser (#12716)</li>
<li>Cmdline fixes (#12717)</li>
<li>[codec,planar] fix bounds checks (#12718)</li>
<li>[client,common] add freerdp_client_settings_parse_command_line_argume... (#12724)</li>
<li>[winpr,sspi] clean up ntlm code (#12732)</li>
<li>Experimental AV1 support has been added. This currently works only with FreeRDP based servers.</li>
<li>Most notably there is now support for [MS-RDPEWA] (FIDO2 redirection)</li>
<li>Android client received a (small) facelift</li>
<li>Improved SDL3 client drawing performance</li>
<li>Console output support for SDL3 (windows) and windows native client</li>
<li>RDP proxy now supports NSCodec and RFX modes.</li>
<li>RDP PRoxy now has smartcard emulation and SAM file support (via config file)</li>
<li>Smartcard KSP support for NLA authentication</li>
<li>[winpr,wlog] add WLog_SetGlobalPrefix (#12497)</li>
<li>[channels,video] fix wrong cast (#12511)</li>
<li>[codec,openh264] reject encoder ABI mismatch on runtime-loaded library (#12510)</li>
<li>[client,sdl] create a copy of rdpPointer (#12512)</li>
<li>[codec,video] properly pass intermediate format (#12518)</li>
<li>[utils, signal] lazily initialize Windows CRITICAL_SECTION to match POSIX static mutex behavior (#12520)</li>
<li>winpr: improve libunwind backtraces (#12530)</li>
<li>[server,shadow] remember selected caps (#12528)</li>
<li>Zero credential data before free in NLA and NTLM context (#12532)</li>
<li>[server,proxy] ignore missing client in input channel (#12536)</li>
<li>[server,proxy] ignore rdpdr messages (#12537)</li>
<li>[winpr,sspi] improve kerberos logging (#12538)</li>
<li>Codec fixes (#12542)</li>
<li>[winpr,sspi] Fix context nullptr handling (#12543)</li>
<li>Dev 3.24.3 dev0 (#12545)</li>
<li>Fix memory leak in gdi_create_bitmap() on gdi_CreateBitmap failure (libfreerdp/gdi/graphics.c) (#12547)</li>
<li>Fix memory leak in vgids_read_do_fkt() on Stream_New failure (libfreerdp/emu/scard/smartcard_virtual_gids.c) (#12548)</li>
<li>Proxy config improve (#12549)</li>
<li>Proxy config improve (#12550)</li>
<li>[client,sdl] clamp cursor hotspot (#12553)</li>
<li>RFC: Research/av1 codec extension (#12527)</li>
<li>[winpr,kerberos] fix krb_log_context_encryption (#12555)</li>
<li>[client,sdl] fix global init return check (#12558)</li>
<li>Fix remote credential with windows11h2 (#12560)</li>
<li>Proxy scard auth improvements (#12561)</li>
<li>[winpr,sspi] guard krb5_get_etype_info (#12562)</li>
<li>[utils,smartcard] fix STATUS_BUFFER_TOO_SMALL (#12564)</li>
<li>[client,common] do not manipulate security settings for smartcard-logon (#12567)</li>
<li>[channels,audin] fix regression for microphone (#12570)</li>
<li>[client,sdl] add SDL_KMOD_MODE and SDL_KMOD_LEVEL5 (#12569)</li>
<li>Fix unbound strlen on slotDescription (#12571)</li>
<li>build: Update FindFFmpeg.cmake to support Apple frameworks with &#x27;lib&#x27; prefix (#12565)</li>
<li>[channels,rdpewa] add WebAuthn virtual channel support (#12572)</li>
<li>[core] fix freerdp_get_nla_sspi_error always returning 0 on client (#12574)</li>
<li>[ci] enable rdpewa channel (#12576)</li>
<li>small refactoring (#12578)</li>
<li>Rdpewa unify notifications (#12581)</li>
<li>[client,sdl] fix crash when clicking &#x27;cancel&#x27; on PIN popup (#12580)</li>
<li>[channels,drive] refine bounds checks (#12584)</li>
<li>fix: smartcard logon with ECC keys and minidriver-assigned container names (#12585)</li>
<li>Various papercuts (#12583)</li>
<li>fix: console output on Windows client (#12573)</li>
<li>[winpr,crt] dump stack on aligned memory errors (#12588)</li>
<li>[client,x11] keep scancode input for Ctrl/Alt/Super combinations in /kbd:unicode mode (#12590)</li>
<li>[codec,progressive] fix underflow guard in progressive_rfx_quant_sub (#12592)</li>
<li>fix: wfreerdp floatbar visibility (#12594)</li>
<li>[winpr,json] return a copy from WINPR_JSON_Print* (#12595)</li>
<li>[client,sdl] drop WITH_DEBUG_SDL_EVENTS (#12599)</li>
<li>Ncrypt and asn1 cleanup (#12604)</li>
<li>Video channel fix (#12593)</li>
<li>[codec,h264] fix media foundation backend (#12606)</li>
<li>fix(sdl): detect Hyprland and river in tryFallback() (#12608)</li>
<li>Proxy stress fixes (#12597)</li>
<li>Add new fuzzer tests (#12613)</li>
<li>fix(sdl): use SDL_Renderer instead of software surfaces (#12607)</li>
<li>fix(sdl): BFS neighbor walk pop/begin mismatch in addOrUpdateDisplay (#12614)</li>
<li>fix(sdl): promote first monitor as primary when subset excludes primary (#12618)</li>
<li>[ci,android] default to only aarch64 (#12622)</li>
<li>Fix process exit code on non-pidfd platforms (macOS, BSD)#12534) (#12586)</li>
<li>warning cleanups (#12626)</li>
<li>fix: prevent PostQuitMessage in RemoteApp WM_DESTROY handler (#12629)</li>
<li>[winpr,ntlm] fix message cleanup across the SSPI lifecycle (#12609)</li>
<li>Code bug fixes (#12632)</li>
<li>Oss fixes (#12633)</li>
<li>[client,android] add an option to enable keeping screen on when connected (#12630)</li>
<li>[client, android] Fix layout overlaps, migrate to AndroidX, and update UI components (#12628)</li>
<li>Proxy config tests (#12636)</li>
<li>Proxy config optional targethost (#12637)</li>
<li>[client,sdl] set SDL_HINT_SCREENSAVER_INHIBIT_ACTIVITY_NAME (#12639)</li>
<li>Nightly deb fix (#12640, #12641, #12649, #12650, #12642, #12643)</li>
<li>[winpr,input] fix korean keyboard mapping (#12646)</li>
<li>[client,sdl] set hints before SDL_Init (#12644)</li>
<li>Sdl inhibit option (#12647)</li>
<li>[client,X11] fix residual race in xf_clipboard_formats_free (#12648)</li>
<li>(sdl3): Fix oversized window on HiDPI Wayland (#12635)</li>
<li>[cache,bitmap] fix off-by-one in bitmap_cache_put bounds check (#12651)</li>
<li>[winpr,sspi] free fields buffer immediately (#12654)</li>
<li>[codec,dsp] fix fencepost error in dsp_ima_clamp_step (#12655)</li>
<li>RDPECAM MJPEG support</li>
<li>Support for FDK-AAC for sound and microphone redirection</li>
<li>Support timezones as JSON resources</li>
<li>Rely preferably on pkgconfig to pull devel packages instead of</li>
<li>A new option /cert that unifies all certificate related options (gh#FreeRDP/FreeRDP#5880)</li>
</ul>



    

    <h2>Patch Instructions:</h2>
    <p>
        To install this SUSE  update use the SUSE recommended
        installation methods like YaST online_update or "zypper patch".<br/>

        Alternatively you can run the command listed for your product:
    </p>
    <ul class="list-group">
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server for SAP applications 16.0
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLES-16.0-981=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server 16.0
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLES-16.0-981=1</code>
                    
                    
                
            </li>
        
    </ul>

    <h2>Package List:</h2>
    <ul>
        
            
                <li>
                    SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
                    <ul>
                        
                            <li>freerdp-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-proxy-plugins-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>libfreerdp3-3-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-sdl-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>libwinpr3-3-3.26.0-160000.1.1</li>
                        
                            <li>libwinpr3-3-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-debugsource-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-proxy-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-proxy-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-server-3.26.0-160000.1.1</li>
                        
                            <li>libfreerdp3-3-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-server-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>winpr-devel-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-devel-3.26.0-160000.1.1</li>
                        
                            <li>librdtk0-0-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-sdl-3.26.0-160000.1.1</li>
                        
                            <li>libfreerdp-server-proxy3-3-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-wayland-3.26.0-160000.1.1</li>
                        
                            <li>libfreerdp-server-proxy3-3-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-wayland-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>libuwac0-0-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-proxy-plugins-3.26.0-160000.1.1</li>
                        
                            <li>libuwac0-0-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>librdtk0-0-3.26.0-160000.1.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
                    <ul>
                        
                            <li>freerdp-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-proxy-plugins-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>libfreerdp3-3-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-sdl-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>libwinpr3-3-3.26.0-160000.1.1</li>
                        
                            <li>libwinpr3-3-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-debugsource-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-proxy-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-proxy-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-server-3.26.0-160000.1.1</li>
                        
                            <li>libfreerdp3-3-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-server-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>winpr-devel-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-devel-3.26.0-160000.1.1</li>
                        
                            <li>librdtk0-0-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-sdl-3.26.0-160000.1.1</li>
                        
                            <li>libfreerdp-server-proxy3-3-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-wayland-3.26.0-160000.1.1</li>
                        
                            <li>libfreerdp-server-proxy3-3-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-wayland-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>libuwac0-0-3.26.0-160000.1.1</li>
                        
                            <li>freerdp-proxy-plugins-3.26.0-160000.1.1</li>
                        
                            <li>libuwac0-0-debuginfo-3.26.0-160000.1.1</li>
                        
                            <li>librdtk0-0-3.26.0-160000.1.1</li>
                        
                    </ul>
                </li>
            
        
    </ul>

    
        <h2>References:</h2>
        <ul>
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-33982.html">https://www.suse.com/security/cve/CVE-2026-33982.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-33985.html">https://www.suse.com/security/cve/CVE-2026-33985.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-33986.html">https://www.suse.com/security/cve/CVE-2026-33986.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-33987.html">https://www.suse.com/security/cve/CVE-2026-33987.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-33995.html">https://www.suse.com/security/cve/CVE-2026-33995.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-40033.html">https://www.suse.com/security/cve/CVE-2026-40033.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-40254.html">https://www.suse.com/security/cve/CVE-2026-40254.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-44420.html">https://www.suse.com/security/cve/CVE-2026-44420.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-44421.html">https://www.suse.com/security/cve/CVE-2026-44421.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-44422.html">https://www.suse.com/security/cve/CVE-2026-44422.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2026-45700.html">https://www.suse.com/security/cve/CVE-2026-45700.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1174200">https://bugzilla.suse.com/show_bug.cgi?id=1174200</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1261217">https://bugzilla.suse.com/show_bug.cgi?id=1261217</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1261222">https://bugzilla.suse.com/show_bug.cgi?id=1261222</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1261223">https://bugzilla.suse.com/show_bug.cgi?id=1261223</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1261226">https://bugzilla.suse.com/show_bug.cgi?id=1261226</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1261227">https://bugzilla.suse.com/show_bug.cgi?id=1261227</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1262743">https://bugzilla.suse.com/show_bug.cgi?id=1262743</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1266317">https://bugzilla.suse.com/show_bug.cgi?id=1266317</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1267008">https://bugzilla.suse.com/show_bug.cgi?id=1267008</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1267009">https://bugzilla.suse.com/show_bug.cgi?id=1267009</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1267010">https://bugzilla.suse.com/show_bug.cgi?id=1267010</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1267011">https://bugzilla.suse.com/show_bug.cgi?id=1267011</a>
                    </li>
                
            
        </ul>
    
</div>