SUSE-SU-2026:21436-1: important: Security update for freerdp

SLE-UPDATES null at suse.de
Mon May 4 08:36:13 UTC 2026



# Security update for freerdp

Announcement ID: SUSE-SU-2026:21436-1  
Release Date: 2026-04-30T16:52:03Z  
Rating: important  
References:

  * bsc#1258919
  * bsc#1258920
  * bsc#1258921
  * bsc#1258923
  * bsc#1258924
  * bsc#1258973
  * bsc#1258976
  * bsc#1258977
  * bsc#1258979
  * bsc#1258982
  * bsc#1258985
  * bsc#1259653
  * bsc#1259679
  * bsc#1259680
  * bsc#1259684
  * bsc#1259686
  * bsc#1259689
  * bsc#1259692
  * bsc#1259693
  * bsc#1261196
  * bsc#1261198
  * bsc#1261200
  * bsc#1261211
  * bsc#1261217
  * bsc#1261222
  * bsc#1261223
  * bsc#1261226
  * bsc#1261227

  
Cross-References:

  * CVE-2026-25941
  * CVE-2026-25942
  * CVE-2026-25952
  * CVE-2026-25953
  * CVE-2026-25954
  * CVE-2026-25955
  * CVE-2026-25959
  * CVE-2026-25997
  * CVE-2026-26271
  * CVE-2026-26955
  * CVE-2026-26965
  * CVE-2026-29774
  * CVE-2026-29775
  * CVE-2026-29776
  * CVE-2026-31806
  * CVE-2026-31883
  * CVE-2026-31884
  * CVE-2026-31885
  * CVE-2026-31897
  * CVE-2026-33952
  * CVE-2026-33977
  * CVE-2026-33982
  * CVE-2026-33983
  * CVE-2026-33984
  * CVE-2026-33985
  * CVE-2026-33986
  * CVE-2026-33987
  * CVE-2026-33995

  
CVSS scores:

  * CVE-2026-25941 ( SUSE ):  5.1
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-25941 ( SUSE ):  4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  * CVE-2026-25941 ( NVD ):  8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  * CVE-2026-25941 ( NVD ):  4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  * CVE-2026-25942 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-25942 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-25942 ( NVD ):  5.5
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-25942 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-25952 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-25952 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-25952 ( NVD ):  5.5
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-25952 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-25953 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-25953 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-25953 ( NVD ):  5.5
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-25953 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-25954 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-25954 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-25954 ( NVD ):  5.5
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-25954 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-25955 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-25955 ( SUSE ):  4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2026-25955 ( NVD ):  5.5
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-25955 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-25959 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-25959 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-25959 ( NVD ):  5.5
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-25959 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-25997 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-25997 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-25997 ( NVD ):  5.5
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-25997 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-26271 ( NVD ):  5.5
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-26271 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-26955 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-26955 ( SUSE ):  8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-26955 ( NVD ):  8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-26965 ( SUSE ):  8.6
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-26965 ( SUSE ):  8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-26965 ( NVD ):  8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-29774 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-29774 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-29774 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-29774 ( NVD ):  8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  * CVE-2026-29775 ( SUSE ):  6.3
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-29775 ( SUSE ):  3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-29775 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-29775 ( NVD ):  8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  * CVE-2026-29776 ( SUSE ):  2.3
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-29776 ( SUSE ):  3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2026-29776 ( NVD ):  3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2026-31806 ( SUSE ):  7.5
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-31806 ( SUSE ):  8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-31806 ( NVD ):  9.3
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-31806 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31883 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-31883 ( SUSE ):  7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-31883 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-31883 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2026-31884 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-31884 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-31884 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-31884 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-31885 ( SUSE ):  7.1
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-31885 ( SUSE ):  7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
  * CVE-2026-31885 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  * CVE-2026-31885 ( NVD ):  9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
  * CVE-2026-31897 ( SUSE ):  2.3
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-31897 ( SUSE ):  3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2026-31897 ( NVD ):  9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-31897 ( NVD ):  0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
  * CVE-2026-33952 ( SUSE ):  7.1
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33952 ( SUSE ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33952 ( NVD ):  6.0
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-33952 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33952 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33977 ( SUSE ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33977 ( SUSE ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33977 ( NVD ):  6.9
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-33977 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33982 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  * CVE-2026-33982 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  * CVE-2026-33982 ( NVD ):  8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  * CVE-2026-33983 ( SUSE ):  7.1
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33983 ( SUSE ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33983 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33984 ( SUSE ):  7.5
    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-33984 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-33984 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-33985 ( SUSE ):  5.9
    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-33985 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
  * CVE-2026-33985 ( NVD ):  7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
  * CVE-2026-33985 ( NVD ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
  * CVE-2026-33986 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-33986 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-33987 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  * CVE-2026-33987 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
  * CVE-2026-33987 ( NVD ):  6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
  * CVE-2026-33995 ( SUSE ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-33995 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

  
Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

  
  
An update that solves 28 vulnerabilities can now be installed.

## Description:

This update for freerdp fixes the following issues:

Update to version 3.24.2.

Security issues fixed:

  * CVE-2026-25941: out-of-bounds read in the FreeRDP client RDPGFX channel
    (bsc#1258919).
  * CVE-2026-25942: buffer overflow of global array in
    `xf_rail_server_execute_result` (bsc#1258920).
  * CVE-2026-25952: heap use-after-free in `xf_SetWindowMinMaxInfo`
    (bsc#1258921).
  * CVE-2026-25953: heap use-after-free in `xf_AppUpdateWindowFromSurface`
    (bsc#1258923).
  * CVE-2026-25954: heap use-after-free in `xf_rail_server_local_move_size`
    (bsc#1258924).
  * CVE-2026-25955: heap use-after-free in `xf_AppUpdateWindowFromSurface`
    (bsc#1258973).
  * CVE-2026-25959: heap use-after-free in `xf_cliprdr_provide_data_`
    (bsc#1258976).
  * CVE-2026-25997: heap use-after-free in `xf_clipboard_format_equal`
    (bsc#1258977).
  * CVE-2026-26271: buffer overread in FreeRDP icon processing (bsc#1258979).
  * CVE-2026-26955: out-of-bounds write in FreeRDP clients using the GDI surface
    pipeline (bsc#1258982).
  * CVE-2026-26965: out-of-bounds write in FreeRDP client RLE planar decode path
    (bsc#1258985).
  * CVE-2026-29774: heap buffer overflow in the FreeRDP client's AVC420/AVC444
    YUV-to-RGB conversion path (bsc#1259689).
  * CVE-2026-29775: out-of-bounds access in the FreeRDP client bitmap cache
    subsystem (bsc#1259684).
  * CVE-2026-29776: integer underflow in `update_read_cache_bitmap_order`
    (bsc#1259692).
  * CVE-2026-31806: heap buffer overflow in `nsc_process_message` (bsc#1259653).
  * CVE-2026-31883: heap buffer overwrite due to a `size_t` underflow in the
    IMA-ADPCM and MS-ADPCM audio decoders (bsc#1259679).
  * CVE-2026-31884: division by zero in MS-ADPCM and IMA-ADPCM decoders
    (bsc#1259680).
  * CVE-2026-31885: out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders
    (bsc#1259686).
  * CVE-2026-31897: out-of-bounds read in `freerdp_bitmap_decompress_planar`
    (bsc#1259693).
  * CVE-2026-33952: client-side crash due to `WINPR_ASSERT()` failure in
    `rts_read_auth_verifier_no_checks()` (bsc#1261196).
  * CVE-2026-33977: client-side crash due to `WINPR_ASSERT()` failure in IMA
    ADPCM audio decoder (bsc#1261198).
  * CVE-2026-33982: heap buffer overread in `winpr_aligned_offset_recalloc`
    (bsc#1261222).
  * CVE-2026-33983: undefined behavior and resource exhaustion via 80 billion
    iteration loop in `progressive_decompress_tile_upgrade` (bsc#1261200).
  * CVE-2026-33984: heap buffer overflow in ClearCodec `resize_vbar_entry`
    (bsc#1261211).
  * CVE-2026-33985: heap out-of-bounds read in `clear_decompress_glyph_data`
    (bsc#1261217).
  * CVE-2026-33986: heap out-of-bounds write due to H.264 YUV buffer dimension
    desync (bsc#1261223).
  * CVE-2026-33987: heap out-of-bounds write due to persistent cache bmpSize
    desync (bsc#1261226).
  * CVE-2026-33995: double-free vulnerability in
    `kerberos_AcceptSecurityContext` and `kerberos_InitializeSecurityContextA`
    (bsc#1261227).

Other updates and bugfixes:

  * Version 3.24.2:
  * [channels,video] fix wrong cast (#12511)
  * [codec,openh264] reject encoder ABI mismatch on runtime-loaded library
    (#12510)
  * [client,sdl] create a copy of rdpPointer (#12512)
  * [codec,video] properly pass intermediate format (#12518)
  * [utils, signal] lazily initialize Windows CRITICAL_SECTION to match POSIX
    static mutex behavior (#12520)
  * winpr: improve libunwind backtraces (#12530)
  * [server,shadow] remember selected caps (#12528)
  * Zero credential data before free in NLA and NTLM context (#12532)
  * [server,proxy] ignore missing client in input channel (#12536)
  * [server,proxy] ignore rdpdr messages (#12537)
  * [winpr,sspi] improve kerberos logging (#12538)
  * Codec fixes (#12542)

  * Version 3.24.1:

  * [warnings] fix various sign and cast warnings (#12480)
  * [client,x11] start with xfc->remote_app = TRUE; (#12491)
  * Sam file read regression fix (#12484)
  * [ncrypt,smartcardlogon] support ECC keys in PKCS#11 smartcard enumeration
    (#12490)
  * Fix: memory leak in rdp_client_establish_keys() (#12494)
  * Fix memory leak in freerdp_settings_int_buffer_copy() on error paths
    (libfreerdp/core/settings.c) (#12486)
  * Code Cleanups (#12493)
  * Fix: memory leak in PCSC_SCardListReadersW() (#12495)
  * [channels,telemetry] use dynamic logging (#12496)
  * [channel,gfx] use generic plugin log (@12498, #12499)
  * [channels,audin] set error when audio_format_read fails (#12500)
  * [channels,video] unify error handling (#12502)
  * Fastpath fine grained lock (#12503)
  * [core,update] make the PlaySound callback non-mandatory (#12504)
  * Refinements: RPM build updates, FIPS improvements (#12506)

  * Version 3.24.0:

  * Completed the [[nodiscard]] marking of the API to warn about problematic
    unchecked use of functions
  * Added full C23 support (default stays at C11) to allow new compilers
    to do stricter checking
  * Improved X11 and SDL3 clients
  * Improved smartcard support
  * proxy now supports RFX graphics mode
  * Attribute nodiscard related changes (#12325, #12360, #12395, #12406, #12421,
    #12426, #12177, #12403, #12405, #12407, #12409, #12408, #12412, #12413)
  * c23 related improvements (#12368, #12371, #12379, #12381, #12383, #12385,
    #12386, #12387, #12384)
  * Generic code cleanups (#12382, #12439, #12455, #12462, #12399, #12473)
  * [core,utils] ignore NULL values in remove_rdpdr_type (#12372)
  * [codec,fdk] revert use of WinPR types (#12373)
  * [core,gateway] ignore incomplete rpc header (#12375, #12376)
  * [warnings] make function declaration names consistent (#12377)
  * [libfreerdp] Add new define for logon error info (#12380)
  * [client,x11] improve rails window locking (#12392)
  * Reload fix missing null checks (#12396)
  * Bounds checks (#12400)
  * [server,proxy] check for nullptr before using scard_call_context (#12404)
  * [uwac] fix rectangular glitch around surface damage regions (#12410)
  * Address various error handling inconsistencies (#12411)
  * [core,server] Improve WTS API locking (#12414)
  * Address some GCC compile issues (#12415, #12420)
  * Winpr atexit (#12416)
  * [winpr,smartcard] fix function pointer casts (#12422)
  * Xf timer fix (#12423)
  * [client,sdl] workaround for wlroots compositors (#12425)
  * [client,sdl] fix SdlWindow::query (#12378)
  * [winpr,smartcard] fix PCSC_ReleaseCardContext (#12427)
  * [client,x11] eliminate obsolete compile flags (#12428)
  * [client,common] skip sending input events when not connected (#12429)
  * Input connected checks (#12430)
  * Floatbar and display channel improvements (#12431)
  * [winpr,platform] fix WINPR_ATTR_NODISCARD definition (#12432)
  * [client] Fix writing of gatewayusagemethod to .rdp files (#12433)
  * Nodiscard finetune (#12435)
  * [core] fix missing gateway credential sync (#12436)
  * [client,sdl3] limit FREERDP_WLROOTS_HACK (#12441)
  * [core,settings] Allow FreeRDP_instance in setter (#12442)
  * [codec,h264] make log message trace (#12444)
  * X11 rails improve (#12440)
  * [codec,nsc] limit copy area in nsc_process_message (#12448)
  * Proxy support RFX and NSC settings (#12449)
  * [client,common] display a shortened help on parsing issues (#12450)
  * [winpr,smartcard] refine locking for pcsc layer (#12451)
  * [codec,swscale] allow runtime loading of swscale (#12452)
  * Swscale fallback (#12454)
  * Sdl multi scaling support (#12456)
  * [packaging,flatpak] update runtime and dependencies (#12457)
  * [codec,video] add doxygen version details (#12458)
  * [github,templates] update templates (#12460)
  * [client,sdl] allow FREERDP_WLROOTS_HACK for all sessions (#12461)
  * [warnings,nodiscard] add log messages for failures (#12463)
  * [gdi,gdi] ignore empty rectangles (#12467)
  * Smartcard fix smartcard-login, pass rdpContext for abort (#12466)
  * [winpr,smartcard] fix compiler warnings (#12469)
  * [winpr,timezone] fix search for transition dates (#12468)
  * [client,common] improve /p help (#12471)
  * Scard logging refactored (#12472)
  * [emu,scard] fix smartcard emulation (#12475)
  * Sdl null cursor (#12474)

  * Version 3.23.0:

  * Sdl cleanup (#12202)
  * [client,sdl] do not apply window offset (#12205)
  * [client,sdl] add SDL_Error to exceptions (#12214)
  * Rdp monitor log (#12215)
  * [winpr,smartcard] implement some attributes (#12213)
  * [client,windows] Fix return value checks for mouse event functions (#12279)
  * [channels,rdpecam] fix sws context checks (#12272)
  * [client,windows] Enhance error handling and context validation (#12264)
  * [client,windows] Add window handle validation in RDP_EVENT_TYPE_WINDOW_NEW
    (#12261)
  * [client,sdl] fix multimon/fullscreen on wayland (#12248)
  * Vendor by app (#12207)
  * [core,gateway] relax TSG parsing (#12283)
  * [winpr,smartcard] simplify PCSC_ReadDeviceSystemName (#12273)
  * [client,windows] Implement complete keyboard indicator synchronization
    (#12268)
  * Fixes more more more (#12286)
  * Use application details for names (#12285)
  * warning cleanups (#12289)
  * Warning cleanup (#12291)
  * [client,windows] Enhance memory safety with NULL checks and resource
    protection (#12271)
  * [client,x11] apply /size:xx% only once (#12293)
  * Freerdp config test (#12295)
  * [winpr,smartcard] fix returned attribute length (#12296)
  * [client,SDL3] Fix properly handle smart-sizing with fullscreen (#12298)
  * [core,test] fix use after free (#12299)
  * Sign warnings (#12300)
  * [cmake,compiler] disable -Wjump-misses-init (#12301)
  * [codec,color] fix input length checks (#12302)
  * [client,sdl] improve cursor updates, fix surface sizes (#12303)
  * Sdl fullscreen (#12217)
  * [client,sdl] fix move constructor of SdlWindow (#12305)
  * [utils,smartcard] check stream length on padding (#12306)
  * [android] Fix invert scrolling default value mismatch (#12309)
  * Clear fix bounds checks (#12310)
  * Winpr attr nodiscard fkt ptr (#12311)
  * [codec,planar] fix missing destination bounds checks (#12312)
  * [codec,clear] fix destination checks (#12315)
  * NSC Codec fixes (#12317)
  * Freerdp api nodiscard (#12313)
  * [allocations] fix growth of preallocated buffers (#12319)
  * Rdpdr simplify (#12320)
  * Resource fix (#12323)
  * [winpr,utils] ensure message queue capacity (#12322)
  * [server,shadow] fix return and parameter checks (#12330)
  * Shadow fixes (#12331)
  * [rdtk,nodiscard] mark rdtk API nodiscard (#12329)
  * [client,x11] fix XGetWindowProperty return handling (#12334)
  * Win32 signal (#12335)
  * [channel,usb] fix message parsing and creation (#12336)
  * [cmake] Define WINPR_DEFINE_ATTR_NODISCARD (#12338)
  * Proxy config fix (#12345)
  * [codec,progressive] refine progressive decoding (#12347)
  * [client,sdl] fix sdl_Pointer_New (#12350)
  * [core,gateway] parse [MS-TSGU] 2.2.10.5 HTTP_CHANNEL_RESPONSE_OPTIONAL
    (#12353)
  * X11 kbd sym (#12354)
  * Windows compile warning fixes (#12357,#12358,#12359)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server for SAP applications 16.0  
    zypper in -t patch SUSE-SLES-16.0-663=1

  * SUSE Linux Enterprise Server 16.0  
    zypper in -t patch SUSE-SLES-16.0-663=1
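
A post-patch check, added here as an example and not part of the SUSE advisory: it reads `NAME VERSION-RELEASE` lines and reports any package from this advisory's package list that is still below `3.24.2-160000.1.1`. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: flag freerdp-related packages older than the fixed build
# given in this advisory's package list.
FIXED="3.24.2-160000.1.1"   # version-release taken from the Package List

# ver_lt A B: succeed when A sorts strictly before B.
# Assumption: GNU `sort -V` approximates RPM ordering; that holds for the
# plain numeric version strings used here (no epochs, no tilde suffixes).
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# is_advisory_pkg NAME: succeed for package names shipped by this update
# (the trailing * also covers the -debuginfo variants).
is_advisory_pkg() {
    case "$1" in
        freerdp|freerdp-*|libfreerdp3-3*|libfreerdp-server-proxy3-3*|\
        libwinpr3-3*|winpr-devel|libuwac0-0*|librdtk0-0*) return 0 ;;
        *) return 1 ;;
    esac
}

# unpatched: read "NAME VERSION-RELEASE" lines on stdin and print those
# belonging to this advisory that are still below $FIXED.
unpatched() {
    while read -r name evr; do
        [ -n "$name" ] || continue
        is_advisory_pkg "$name" || continue
        if ver_lt "$evr" "$FIXED"; then
            printf '%s %s\n' "$name" "$evr"
        fi
    done
}

# Constructed sample inventory (not taken from a real host): two stale
# libraries, two patched packages, one newer rebuild, one unrelated package.
SAMPLE='freerdp 3.24.2-160000.1.1
libfreerdp3-3 3.23.0-160000.1.1
libwinpr3-3 3.10.3-160000.2.1
freerdp-sdl 3.24.2-160000.1.1
libz1 1.3.1-160000.1.1
librdtk0-0 3.24.2-160000.2.1'

sample_report() { printf '%s\n' "$SAMPLE" | unpatched; }

# host_report: the same check against the local RPM database.
host_report() {
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched
}

sample_report
```

On a SLES 16.0 host, call `host_report` instead of `sample_report`; empty output means every installed package from this update is at the fixed build or newer. A library left behind while the client binary is updated still shows up, which matters because most of the listed CVEs are in the shared codec and WinPR code.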

## Package List:

  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * freerdp-debuginfo-3.24.2-160000.1.1
    * libuwac0-0-debuginfo-3.24.2-160000.1.1
    * freerdp-server-3.24.2-160000.1.1
    * libwinpr3-3-debuginfo-3.24.2-160000.1.1
    * freerdp-server-debuginfo-3.24.2-160000.1.1
    * freerdp-proxy-plugins-3.24.2-160000.1.1
    * freerdp-wayland-3.24.2-160000.1.1
    * libfreerdp-server-proxy3-3-3.24.2-160000.1.1
    * winpr-devel-3.24.2-160000.1.1
    * freerdp-proxy-plugins-debuginfo-3.24.2-160000.1.1
    * freerdp-3.24.2-160000.1.1
    * freerdp-proxy-debuginfo-3.24.2-160000.1.1
    * freerdp-wayland-debuginfo-3.24.2-160000.1.1
    * freerdp-sdl-3.24.2-160000.1.1
    * freerdp-devel-3.24.2-160000.1.1
    * libfreerdp3-3-debuginfo-3.24.2-160000.1.1
    * librdtk0-0-3.24.2-160000.1.1
    * librdtk0-0-debuginfo-3.24.2-160000.1.1
    * libfreerdp-server-proxy3-3-debuginfo-3.24.2-160000.1.1
    * freerdp-sdl-debuginfo-3.24.2-160000.1.1
    * libuwac0-0-3.24.2-160000.1.1
    * libfreerdp3-3-3.24.2-160000.1.1
    * libwinpr3-3-3.24.2-160000.1.1
    * freerdp-proxy-3.24.2-160000.1.1
    * freerdp-debugsource-3.24.2-160000.1.1
  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * freerdp-debuginfo-3.24.2-160000.1.1
    * libuwac0-0-debuginfo-3.24.2-160000.1.1
    * freerdp-server-3.24.2-160000.1.1
    * libwinpr3-3-debuginfo-3.24.2-160000.1.1
    * freerdp-server-debuginfo-3.24.2-160000.1.1
    * freerdp-proxy-plugins-3.24.2-160000.1.1
    * freerdp-wayland-3.24.2-160000.1.1
    * libfreerdp-server-proxy3-3-3.24.2-160000.1.1
    * winpr-devel-3.24.2-160000.1.1
    * freerdp-proxy-plugins-debuginfo-3.24.2-160000.1.1
    * freerdp-3.24.2-160000.1.1
    * freerdp-proxy-debuginfo-3.24.2-160000.1.1
    * freerdp-wayland-debuginfo-3.24.2-160000.1.1
    * freerdp-sdl-3.24.2-160000.1.1
    * freerdp-devel-3.24.2-160000.1.1
    * libfreerdp3-3-debuginfo-3.24.2-160000.1.1
    * librdtk0-0-3.24.2-160000.1.1
    * librdtk0-0-debuginfo-3.24.2-160000.1.1
    * libfreerdp-server-proxy3-3-debuginfo-3.24.2-160000.1.1
    * freerdp-sdl-debuginfo-3.24.2-160000.1.1
    * libuwac0-0-3.24.2-160000.1.1
    * libfreerdp3-3-3.24.2-160000.1.1
    * libwinpr3-3-3.24.2-160000.1.1
    * freerdp-proxy-3.24.2-160000.1.1
    * freerdp-debugsource-3.24.2-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-25941.html
  * https://www.suse.com/security/cve/CVE-2026-25942.html
  * https://www.suse.com/security/cve/CVE-2026-25952.html
  * https://www.suse.com/security/cve/CVE-2026-25953.html
  * https://www.suse.com/security/cve/CVE-2026-25954.html
  * https://www.suse.com/security/cve/CVE-2026-25955.html
  * https://www.suse.com/security/cve/CVE-2026-25959.html
  * https://www.suse.com/security/cve/CVE-2026-25997.html
  * https://www.suse.com/security/cve/CVE-2026-26271.html
  * https://www.suse.com/security/cve/CVE-2026-26955.html
  * https://www.suse.com/security/cve/CVE-2026-26965.html
  * https://www.suse.com/security/cve/CVE-2026-29774.html
  * https://www.suse.com/security/cve/CVE-2026-29775.html
  * https://www.suse.com/security/cve/CVE-2026-29776.html
  * https://www.suse.com/security/cve/CVE-2026-31806.html
  * https://www.suse.com/security/cve/CVE-2026-31883.html
  * https://www.suse.com/security/cve/CVE-2026-31884.html
  * https://www.suse.com/security/cve/CVE-2026-31885.html
  * https://www.suse.com/security/cve/CVE-2026-31897.html
  * https://www.suse.com/security/cve/CVE-2026-33952.html
  * https://www.suse.com/security/cve/CVE-2026-33977.html
  * https://www.suse.com/security/cve/CVE-2026-33982.html
  * https://www.suse.com/security/cve/CVE-2026-33983.html
  * https://www.suse.com/security/cve/CVE-2026-33984.html
  * https://www.suse.com/security/cve/CVE-2026-33985.html
  * https://www.suse.com/security/cve/CVE-2026-33986.html
  * https://www.suse.com/security/cve/CVE-2026-33987.html
  * https://www.suse.com/security/cve/CVE-2026-33995.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1258919
  * https://bugzilla.suse.com/show_bug.cgi?id=1258920
  * https://bugzilla.suse.com/show_bug.cgi?id=1258921
  * https://bugzilla.suse.com/show_bug.cgi?id=1258923
  * https://bugzilla.suse.com/show_bug.cgi?id=1258924
  * https://bugzilla.suse.com/show_bug.cgi?id=1258973
  * https://bugzilla.suse.com/show_bug.cgi?id=1258976
  * https://bugzilla.suse.com/show_bug.cgi?id=1258977
  * https://bugzilla.suse.com/show_bug.cgi?id=1258979
  * https://bugzilla.suse.com/show_bug.cgi?id=1258982
  * https://bugzilla.suse.com/show_bug.cgi?id=1258985
  * https://bugzilla.suse.com/show_bug.cgi?id=1259653
  * https://bugzilla.suse.com/show_bug.cgi?id=1259679
  * https://bugzilla.suse.com/show_bug.cgi?id=1259680
  * https://bugzilla.suse.com/show_bug.cgi?id=1259684
  * https://bugzilla.suse.com/show_bug.cgi?id=1259686
  * https://bugzilla.suse.com/show_bug.cgi?id=1259689
  * https://bugzilla.suse.com/show_bug.cgi?id=1259692
  * https://bugzilla.suse.com/show_bug.cgi?id=1259693
  * https://bugzilla.suse.com/show_bug.cgi?id=1261196
  * https://bugzilla.suse.com/show_bug.cgi?id=1261198
  * https://bugzilla.suse.com/show_bug.cgi?id=1261200
  * https://bugzilla.suse.com/show_bug.cgi?id=1261211
  * https://bugzilla.suse.com/show_bug.cgi?id=1261217
  * https://bugzilla.suse.com/show_bug.cgi?id=1261222
  * https://bugzilla.suse.com/show_bug.cgi?id=1261223
  * https://bugzilla.suse.com/show_bug.cgi?id=1261226
  * https://bugzilla.suse.com/show_bug.cgi?id=1261227
