ESB-2026.4552
===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2026.4552
Security update for freerdp
5 May 2026
===========================================================================

AUSCERT Security Bulletin Summary
---------------------------------

Product:           freerdp
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2026-29774 CVE-2026-29775 CVE-2026-29776
                   CVE-2026-31884 CVE-2026-31897 CVE-2026-33984
                   CVE-2026-33983 CVE-2026-26965 CVE-2026-26955
                   CVE-2026-26271 CVE-2026-25997 CVE-2026-25959
                   CVE-2026-25955 CVE-2026-25954 CVE-2026-25953
                   CVE-2026-25952 CVE-2026-31806 CVE-2026-31883
                   CVE-2026-25942 CVE-2026-25941 CVE-2026-31885
                   CVE-2026-33986 CVE-2026-33952 CVE-2026-33995
                   CVE-2026-33977 CVE-2026-33982 CVE-2026-33985
                   CVE-2026-33987

Original Bulletin:
   https://www.suse.com/support/update/announcement/2026/suse-su-202621436-1

Comment: CVSS (Max):  8.8 CVE-2026-31806 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: NIST, [SUSE]
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
         EPSS (Max):  0.2% (36th) CVE-2026-25997 2026-05-03

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update for freerdp

Announcement ID: SUSE-SU-2026:21436-1
Release Date:    2026-04-30T16:52:03Z
Rating:          important

References:

  o bsc#1258919
  o bsc#1258920
  o bsc#1258921
  o bsc#1258923
  o bsc#1258924
  o bsc#1258973
  o bsc#1258976
  o bsc#1258977
  o bsc#1258979
  o bsc#1258982
  o bsc#1258985
  o bsc#1259653
  o bsc#1259679
  o bsc#1259680
  o bsc#1259684
  o bsc#1259686
  o bsc#1259689
  o bsc#1259692
  o bsc#1259693
  o bsc#1261196
  o bsc#1261198
  o bsc#1261200
  o bsc#1261211
  o bsc#1261217
  o bsc#1261222
  o bsc#1261223
  o bsc#1261226
  o bsc#1261227

Cross-References:

  o CVE-2026-25941
  o CVE-2026-25942
  o CVE-2026-25952
  o CVE-2026-25953
  o CVE-2026-25954
  o CVE-2026-25955
  o CVE-2026-25959
  o CVE-2026-25997
  o CVE-2026-26271
  o CVE-2026-26955
  o CVE-2026-26965
  o CVE-2026-29774
  o CVE-2026-29775
  o CVE-2026-29776
  o CVE-2026-31806
  o CVE-2026-31883
  o CVE-2026-31884
  o CVE-2026-31885
  o CVE-2026-31897
  o CVE-2026-33952
  o CVE-2026-33977
  o CVE-2026-33982
  o CVE-2026-33983
  o CVE-2026-33984
  o CVE-2026-33985
  o CVE-2026-33986
  o CVE-2026-33987
  o CVE-2026-33995

CVSS scores:

  o CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
  o CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  o CVE-2026-25941 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  o CVE-2026-25941 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  o CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  o CVE-2026-25942 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-25942 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  o CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  o CVE-2026-25952 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-25952 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  o CVE-2026-25953 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  o CVE-2026-25953 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-25953 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  o CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  o CVE-2026-25954 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-25954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  o CVE-2026-25955 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-25955 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  o CVE-2026-25955 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-25955 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  o CVE-2026-25959 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-25959 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-25959 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-25959 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  o CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-25997 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-25997 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  o CVE-2026-26271 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-26271 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  o CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  o CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  o CVE-2026-26955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  o CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  o CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  o CVE-2026-26965 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  o CVE-2026-29774 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  o CVE-2026-29774 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  o CVE-2026-29774 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  o CVE-2026-29775 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  o CVE-2026-29775 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  o CVE-2026-29775 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  o CVE-2026-29776 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  o CVE-2026-29776 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  o CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  o CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  o CVE-2026-31806 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  o CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  o CVE-2026-31883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  o CVE-2026-31883 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  o CVE-2026-31884 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  o CVE-2026-31884 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-31884 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  o CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
  o CVE-2026-31885 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  o CVE-2026-31885 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
  o CVE-2026-31897 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  o CVE-2026-31897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  o CVE-2026-31897 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
  o CVE-2026-33952 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  o CVE-2026-33952 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-33952 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-33952 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-33952 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-33977 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  o CVE-2026-33977 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-33977 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  o CVE-2026-33977 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-33982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  o CVE-2026-33982 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  o CVE-2026-33982 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  o CVE-2026-33983 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  o CVE-2026-33983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-33983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-33984 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  o CVE-2026-33984 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  o CVE-2026-33984 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  o CVE-2026-33985 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
  o CVE-2026-33985 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
  o CVE-2026-33985 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
  o CVE-2026-33985 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
  o CVE-2026-33986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  o CVE-2026-33986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  o CVE-2026-33987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  o CVE-2026-33987 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
  o CVE-2026-33987 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
  o CVE-2026-33995 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  o CVE-2026-33995 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

  o SUSE Linux Enterprise Server 16.0
  o SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 28 vulnerabilities can now be installed.

Description:

This update for freerdp fixes the following issues:

Update to version 3.24.2.

Security issues fixed:

  o CVE-2026-25941: out-of-bounds read in the FreeRDP client RDPGFX channel (bsc#1258919).
  o CVE-2026-25942: buffer overflow of global array in xf_rail_server_execute_result (bsc#1258920).
  o CVE-2026-25952: heap use-after-free in xf_SetWindowMinMaxInfo (bsc#1258921).
  o CVE-2026-25953: heap use-after-free in xf_AppUpdateWindowFromSurface (bsc#1258923).
  o CVE-2026-25954: heap use-after-free in xf_rail_server_local_move_size (bsc#1258924).
  o CVE-2026-25955: heap use-after-free in xf_AppUpdateWindowFromSurface (bsc#1258973).
  o CVE-2026-25959: heap use-after-free in xf_cliprdr_provide_data_ (bsc#1258976).
  o CVE-2026-25997: heap use-after-free in xf_clipboard_format_equal (bsc#1258977).
  o CVE-2026-26271: buffer overread in FreeRDP icon processing (bsc#1258979).
  o CVE-2026-26955: out-of-bounds write in FreeRDP clients using the GDI surface pipeline (bsc#1258982).
  o CVE-2026-26965: out-of-bounds write in FreeRDP client RLE planar decode path (bsc#1258985).
  o CVE-2026-29774: heap buffer overflow in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path (bsc#1259689).
  o CVE-2026-29775: out-of-bounds access in the FreeRDP client bitmap cache subsystem (bsc#1259684).
  o CVE-2026-29776: integer underflow in update_read_cache_bitmap_order (bsc#1259692).
  o CVE-2026-31806: heap buffer overflow in nsc_process_message (bsc#1259653).
  o CVE-2026-31883: heap buffer overwrite due to a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders (bsc#1259679).
  o CVE-2026-31884: division by zero in MS-ADPCM and IMA-ADPCM decoders (bsc#1259680).
  o CVE-2026-31885: out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders (bsc#1259686).
  o CVE-2026-31897: out-of-bounds read in freerdp_bitmap_decompress_planar (bsc#1259693).
  o CVE-2026-33952: client-side crash due to WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks() (bsc#1261196).
  o CVE-2026-33977: client-side crash due to WINPR_ASSERT() failure in IMA ADPCM audio decoder (bsc#1261198).
  o CVE-2026-33982: heap buffer overread in winpr_aligned_offset_recalloc (bsc#1261222).
  o CVE-2026-33983: undefined behavior and resource exhaustion via 80 billion iteration loop in progressive_decompress_tile_upgrade (bsc#1261200).
  o CVE-2026-33984: heap buffer overflow in ClearCodec resize_vbar_entry (bsc#1261211).
  o CVE-2026-33985: heap out-of-bounds read in clear_decompress_glyph_data (bsc#1261217).
  o CVE-2026-33986: heap out-of-bounds write due to H.264 YUV buffer dimension desync (bsc#1261223).
  o CVE-2026-33987: heap out-of-bounds write due to persistent cache bmpSize desync (bsc#1261226).
  o CVE-2026-33995: double-free vulnerability in kerberos_AcceptSecurityContext and kerberos_InitializeSecurityContextA (bsc#1261227).

Other updates and bugfixes:

  o Version 3.24.2:
      + [channels,video] fix wrong cast (#12511)
      + [codec,openh264] reject encoder ABI mismatch on runtime-loaded library (#12510)
      + [client,sdl] create a copy of rdpPointer (#12512)
      + [codec,video] properly pass intermediate format (#12518)
      + [utils, signal] lazily initialize Windows CRITICAL_SECTION to match POSIX static mutex behavior (#12520)
      + winpr: improve libunwind backtraces (#12530)
      + [server,shadow] remember selected caps (#12528)
      + Zero credential data before free in NLA and NTLM context (#12532)
      + [server,proxy] ignore missing client in input channel (#12536)
      + [server,proxy] ignore rdpdr messages (#12537)
      + [winpr,sspi] improve kerberos logging (#12538)
      + Codec fixes (#12542)

  o Version 3.24.1:
      + [warnings] fix various sign and cast warnings (#12480)
      + [client,x11] start with xfc->remote_app = TRUE; (#12491)
      + Sam file read regression fix (#12484)
      + [ncrypt,smartcardlogon] support ECC keys in PKCS#11 smartcard enumeration (#12490)
      + Fix: memory leak in rdp_client_establish_keys() (#12494)
      + Fix memory leak in freerdp_settings_int_buffer_copy() on error paths (libfreerdp/core/settings.c) (#12486)
      + Code Cleanups (#12493)
      + Fix: memory leak in PCSC_SCardListReadersW() (#12495)
      + [channels,telemetry] use dynamic logging (#12496)
      + [channel,gfx] use generic plugin log (@12498, #12499)
      + [channels,audin] set error when audio_format_read fails (#12500)
      + [channels,video] unify error handling (#12502)
      + Fastpath fine grained lock (#12503)
      + [core,update] make the PlaySound callback non-mandatory (#12504)
      + Refinements: RPM build updates, FIPS improvements (#12506)

  o Version 3.24.0:
      + Completed the [[nodiscard]] marking of the API to warn about problematic unchecked use of functions
      + Added full C23 support (default stays at C11) to allow new compilers to do stricter checking
      + Improved X11 and SDL3 clients
      + Improved smartcard support
      + proxy now supports RFX graphics mode
      + Attribute nodiscard related changes (#12325, #12360, #12395, #12406, #12421, #12426, #12177, #12403, #12405, #12407, #12409, #12408, #12412, #12413)
      + c23 related improvements (#12368, #12371, #12379, #12381, #12383, #12385, #12386, #12387, #12384)
      + Generic code cleanups (#12382, #12439, #12455, #12462, #12399, #12473)
      + [core,utils] ignore NULL values in remove_rdpdr_type (#12372)
      + [codec,fdk] revert use of WinPR types (#12373)
      + [core,gateway] ignore incomplete rpc header (#12375, #12376)
      + [warnings] make function declaration names consistent (#12377)
      + [libfreerdp] Add new define for logon error info (#12380)
      + [client,x11] improve rails window locking (#12392)
      + Reload fix missing null checks (#12396)
      + Bounds checks (#12400)
      + [server,proxy] check for nullptr before using scard_call_context (#12404)
      + [uwac] fix rectangular glitch around surface damage regions (#12410)
      + Address various error handling inconsistencies (#12411)
      + [core,server] Improve WTS API locking (#12414)
      + Address some GCC compile issues (#12415, #12420)
      + Winpr atexit (#12416)
      + [winpr,smartcard] fix function pointer casts (#12422)
      + Xf timer fix (#12423)
      + [client,sdl] workaround for wlroots compositors (#12425)
      + [client,sdl] fix SdlWindow::query (#12378)
      + [winpr,smartcard] fix PCSC_ReleaseCardContext (#12427)
      + [client,x11] eliminate obsolete compile flags (#12428)
      + [client,common] skip sending input events when not connected (#12429)
      + Input connected checks (#12430)
      + Floatbar and display channel improvements (#12431)
      + [winpr,platform] fix WINPR_ATTR_NODISCARD definition (#12432)
      + [client] Fix writing of gatewayusagemethod to .rdp files (#12433)
      + Nodiscard finetune (#12435)
      + [core] fix missing gateway credential sync (#12436)
      + [client,sdl3] limit FREERDP_WLROOTS_HACK (#12441)
      + [core,settings] Allow FreeRDP_instance in setter (#12442)
      + [codec,h264] make log message trace (#12444)
      + X11 rails improve (#12440)
      + [codec,nsc] limit copy area in nsc_process_message (#12448)
      + Proxy support RFX and NSC settings (#12449)
      + [client,common] display a shortened help on parsing issues (#12450)
      + [winpr,smartcard] refine locking for pcsc layer (#12451)
      + [codec,swscale] allow runtime loading of swscale (#12452)
      + Swscale fallback (#12454)
      + Sdl multi scaling support (#12456)
      + [packaging,flatpak] update runtime and dependencies (#12457)
      + [codec,video] add doxygen version details (#12458)
      + [github,templates] update templates (#12460)
      + [client,sdl] allow FREERDP_WLROOTS_HACK for all sessions (#12461)
      + [warnings,nodiscard] add log messages for failures (#12463)
      + [gdi,gdi] ignore empty rectangles (#12467)
      + Smartcard fix smartcard-login, pass rdpContext for abort (#12466)
      + [winpr,smartcard] fix compiler warnings (#12469)
      + [winpr,timezone] fix search for transition dates (#12468)
      + [client,common] improve /p help (#12471)
      + Scard logging refactored (#12472)
      + [emu,scard] fix smartcard emulation (#12475)
      + Sdl null cursor (#12474)

  o Version 3.23.0:
      + Sdl cleanup (#12202)
      + [client,sdl] do not apply window offset (#12205)
      + [client,sdl] add SDL_Error to exceptions (#12214)
      + Rdp monitor log (#12215)
      + [winpr,smartcard] implement some attributes (#12213)
      + [client,windows] Fix return value checks for mouse event functions (#12279)
      + [channels,rdpecam] fix sws context checks (#12272)
      + [client,windows] Enhance error handling and context validation (#12264)
      + [client,windows] Add window handle validation in RDP_EVENT_TYPE_WINDOW_NEW (#12261)
      + [client,sdl] fix multimon/fullscreen on wayland (#12248)
      + Vendor by app (#12207)
      + [core,gateway] relax TSG parsing (#12283)
      + [winpr,smartcard] simplify PCSC_ReadDeviceSystemName (#12273)
      + [client,windows] Implement complete keyboard indicator synchronization (#12268)
      + Fixes more more more (#12286)
      + Use application details for names (#12285)
      + warning cleanups (#12289)
      + Warning cleanup (#12291)
      + [client,windows] Enhance memory safety with NULL checks and resource protection (#12271)
      + [client,x11] apply /size:xx% only once (#12293)
      + Freerdp config test (#12295)
      + [winpr,smartcard] fix returned attribute length (#12296)
      + [client,SDL3] Fix properly handle smart-sizing with fullscreen (#12298)
      + [core,test] fix use after free (#12299)
      + Sign warnings (#12300)
      + [cmake,compiler] disable -Wjump-misses-init (#12301)
      + [codec,color] fix input length checks (#12302)
      + [client,sdl] improve cursor updates, fix surface sizes (#12303)
      + Sdl fullscreen (#12217)
      + [client,sdl] fix move constructor of SdlWindow (#12305)
      + [utils,smartcard] check stream length on padding (#12306)
      + [android] Fix invert scrolling default value mismatch (#12309)
      + Clear fix bounds checks (#12310)
      + Winpr attr nodiscard fkt ptr (#12311)
      + [codec,planar] fix missing destination bounds checks (#12312)
      + [codec,clear] fix destination checks (#12315)
      + NSC Codec fixes (#12317)
      + Freerdp api nodiscard (#12313)
      + [allocations] fix growth of preallocated buffers (#12319)
      + Rdpdr simplify (#12320)
      + Resource fix (#12323)
      + [winpr,utils] ensure message queue capacity (#12322)
      + [server,shadow] fix return and parameter checks (#12330)
      + Shadow fixes (#12331)
      + [rdtk,nodiscard] mark rdtk API nodiscard (#12329)
      + [client,x11] fix XGetWindowProperty return handling (#12334)
      + Win32 signal (#12335)
      + [channel,usb] fix message parsing and creation (#12336)
      + [cmake] Define WINPR_DEFINE_ATTR_NODISCARD (#12338)
      + Proxy config fix (#12345)
      + [codec,progressive] refine progressive decoding (#12347)
      + [client,sdl] fix sdl_Pointer_New (#12350)
      + [core,gateway] parse [MS-TSGU] 2.2.10.5 HTTP_CHANNEL_RESPONSE_OPTIONAL (#12353)
      + X11 kbd sym (#12354)
      + Windows compile warning fixes (#12357,#12358,#12359)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-663=1
  o SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-663=1

Package List:

  o SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
      + freerdp-debuginfo-3.24.2-160000.1.1
      + libuwac0-0-debuginfo-3.24.2-160000.1.1
      + freerdp-server-3.24.2-160000.1.1
      + libwinpr3-3-debuginfo-3.24.2-160000.1.1
      + freerdp-server-debuginfo-3.24.2-160000.1.1
      + freerdp-proxy-plugins-3.24.2-160000.1.1
      + freerdp-wayland-3.24.2-160000.1.1
      + libfreerdp-server-proxy3-3-3.24.2-160000.1.1
      + winpr-devel-3.24.2-160000.1.1
      + freerdp-proxy-plugins-debuginfo-3.24.2-160000.1.1
      + freerdp-3.24.2-160000.1.1
      + freerdp-proxy-debuginfo-3.24.2-160000.1.1
      + freerdp-wayland-debuginfo-3.24.2-160000.1.1
      + freerdp-sdl-3.24.2-160000.1.1
      + freerdp-devel-3.24.2-160000.1.1
      + libfreerdp3-3-debuginfo-3.24.2-160000.1.1
      + librdtk0-0-3.24.2-160000.1.1
      + librdtk0-0-debuginfo-3.24.2-160000.1.1
      + libfreerdp-server-proxy3-3-debuginfo-3.24.2-160000.1.1
      + freerdp-sdl-debuginfo-3.24.2-160000.1.1
      + libuwac0-0-3.24.2-160000.1.1
      + libfreerdp3-3-3.24.2-160000.1.1
      + libwinpr3-3-3.24.2-160000.1.1
      + freerdp-proxy-3.24.2-160000.1.1
      + freerdp-debugsource-3.24.2-160000.1.1
  o SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
      + freerdp-debuginfo-3.24.2-160000.1.1
      + libuwac0-0-debuginfo-3.24.2-160000.1.1
      + freerdp-server-3.24.2-160000.1.1
      + libwinpr3-3-debuginfo-3.24.2-160000.1.1
      + freerdp-server-debuginfo-3.24.2-160000.1.1
      + freerdp-proxy-plugins-3.24.2-160000.1.1
      + freerdp-wayland-3.24.2-160000.1.1
      + libfreerdp-server-proxy3-3-3.24.2-160000.1.1
      + winpr-devel-3.24.2-160000.1.1
      + freerdp-proxy-plugins-debuginfo-3.24.2-160000.1.1
      + freerdp-3.24.2-160000.1.1
      + freerdp-proxy-debuginfo-3.24.2-160000.1.1
      + freerdp-wayland-debuginfo-3.24.2-160000.1.1
      + freerdp-sdl-3.24.2-160000.1.1
      + freerdp-devel-3.24.2-160000.1.1
      + libfreerdp3-3-debuginfo-3.24.2-160000.1.1
      + librdtk0-0-3.24.2-160000.1.1
      + librdtk0-0-debuginfo-3.24.2-160000.1.1
      + libfreerdp-server-proxy3-3-debuginfo-3.24.2-160000.1.1
      + freerdp-sdl-debuginfo-3.24.2-160000.1.1
      + libuwac0-0-3.24.2-160000.1.1
      + libfreerdp3-3-3.24.2-160000.1.1
      + libwinpr3-3-3.24.2-160000.1.1
      + freerdp-proxy-3.24.2-160000.1.1
      + freerdp-debugsource-3.24.2-160000.1.1

References:

  o https://www.suse.com/security/cve/CVE-2026-25941.html
  o https://www.suse.com/security/cve/CVE-2026-25942.html
  o https://www.suse.com/security/cve/CVE-2026-25952.html
  o https://www.suse.com/security/cve/CVE-2026-25953.html
  o https://www.suse.com/security/cve/CVE-2026-25954.html
  o https://www.suse.com/security/cve/CVE-2026-25955.html
  o https://www.suse.com/security/cve/CVE-2026-25959.html
  o https://www.suse.com/security/cve/CVE-2026-25997.html
  o https://www.suse.com/security/cve/CVE-2026-26271.html
  o https://www.suse.com/security/cve/CVE-2026-26955.html
  o https://www.suse.com/security/cve/CVE-2026-26965.html
  o https://www.suse.com/security/cve/CVE-2026-29774.html
  o https://www.suse.com/security/cve/CVE-2026-29775.html
  o https://www.suse.com/security/cve/CVE-2026-29776.html
  o https://www.suse.com/security/cve/CVE-2026-31806.html
  o https://www.suse.com/security/cve/CVE-2026-31883.html
  o https://www.suse.com/security/cve/CVE-2026-31884.html
  o https://www.suse.com/security/cve/CVE-2026-31885.html
  o https://www.suse.com/security/cve/CVE-2026-31897.html
  o https://www.suse.com/security/cve/CVE-2026-33952.html
  o https://www.suse.com/security/cve/CVE-2026-33977.html
  o https://www.suse.com/security/cve/CVE-2026-33982.html
  o https://www.suse.com/security/cve/CVE-2026-33983.html
  o https://www.suse.com/security/cve/CVE-2026-33984.html
  o https://www.suse.com/security/cve/CVE-2026-33985.html
  o https://www.suse.com/security/cve/CVE-2026-33986.html
  o https://www.suse.com/security/cve/CVE-2026-33987.html
  o https://www.suse.com/security/cve/CVE-2026-33995.html
  o https://bugzilla.suse.com/show_bug.cgi?id=1258919
  o https://bugzilla.suse.com/show_bug.cgi?id=1258920
  o https://bugzilla.suse.com/show_bug.cgi?id=1258921
  o https://bugzilla.suse.com/show_bug.cgi?id=1258923
  o https://bugzilla.suse.com/show_bug.cgi?id=1258924
  o https://bugzilla.suse.com/show_bug.cgi?id=1258973
  o https://bugzilla.suse.com/show_bug.cgi?id=1258976
  o https://bugzilla.suse.com/show_bug.cgi?id=1258977
  o https://bugzilla.suse.com/show_bug.cgi?id=1258979
  o https://bugzilla.suse.com/show_bug.cgi?id=1258982
  o https://bugzilla.suse.com/show_bug.cgi?id=1258985
  o https://bugzilla.suse.com/show_bug.cgi?id=1259653
  o https://bugzilla.suse.com/show_bug.cgi?id=1259679
  o https://bugzilla.suse.com/show_bug.cgi?id=1259680
  o https://bugzilla.suse.com/show_bug.cgi?id=1259684
  o https://bugzilla.suse.com/show_bug.cgi?id=1259686
  o https://bugzilla.suse.com/show_bug.cgi?id=1259689
  o https://bugzilla.suse.com/show_bug.cgi?id=1259692
  o https://bugzilla.suse.com/show_bug.cgi?id=1259693
  o https://bugzilla.suse.com/show_bug.cgi?id=1261196
  o https://bugzilla.suse.com/show_bug.cgi?id=1261198
  o https://bugzilla.suse.com/show_bug.cgi?id=1261200
  o https://bugzilla.suse.com/show_bug.cgi?id=1261211
  o https://bugzilla.suse.com/show_bug.cgi?id=1261217
  o https://bugzilla.suse.com/show_bug.cgi?id=1261222
  o https://bugzilla.suse.com/show_bug.cgi?id=1261223
  o https://bugzilla.suse.com/show_bug.cgi?id=1261226
  o https://bugzilla.suse.com/show_bug.cgi?id=1261227

- --------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AUSCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AUSCERT's members. As
AUSCERT did not write the document quoted above, AUSCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AUSCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://portal.auscert.org.au/bulletins/

===========================================================================
AUSCERT
The University of Queensland, Brisbane QLD 4072 Australia
e: auscert@auscert.org.au
t: +61 (0)7 3365 4417
Allies in Cyber Security
===========================================================================
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | freerdp | |
Timeline
- May 5, 2026 CVE Published