ALSA-2026:16019

[ALSA-2026:16019] Moderate: freerdp security update

Type:

security

Severity:

moderate

Release date:

2026-05-11

Description:

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.  

Security Fix(es):  

  * freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)
  * freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)
  * freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)
  * freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)
  * freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks (CVE-2026-31885)
  * freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)
  * freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)
  * FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	freerdp-devel-2.11.7-9.el8_10.aarch64.rpm	381a6404b7326fe9c69e9b1c2c1bf096ba3ed47896c24c9ae623126df21b6a77
aarch64	libwinpr-devel-2.11.7-9.el8_10.aarch64.rpm	404c0d47acc6b325d9d68a4d84fdedda62c288fce20e2f326fa79ed757759edf
aarch64	freerdp-libs-2.11.7-9.el8_10.aarch64.rpm	495184eaf344eae396971761769d062f364cdbf7d09decffa9a9d2ad2815e8be
aarch64	freerdp-2.11.7-9.el8_10.aarch64.rpm	5d926724f854b25750568e233b51b85bd5f42449c923412f5011b5ffb44e8587
aarch64	libwinpr-2.11.7-9.el8_10.aarch64.rpm	f506f0733cd50acf9d6407c0da5f3e9cd38449e84f852b2165ac38f19f1c2701
i686	freerdp-devel-2.11.7-9.el8_10.i686.rpm	075ae9d0635539020457574c0fcf21606350250cfdb17f9734870b36344bceca
i686	libwinpr-2.11.7-9.el8_10.i686.rpm	3d0fdb1979a7910d62b6a1d7f215c19e72f6a18a88741fa8d23200748b3fc125
i686	freerdp-libs-2.11.7-9.el8_10.i686.rpm	86ea06409266c722f23392c9323a50a34b85cc8b80bf3db1eed20c7cd9fc7ba5
i686	libwinpr-devel-2.11.7-9.el8_10.i686.rpm	8fe30e3f29616084436dc76ea3eefbce3398c97d3e2be278c4f1bc0a439153ca
ppc64le	freerdp-devel-2.11.7-9.el8_10.ppc64le.rpm	43d6215c42c607b72c7434976a3c9d4723a9e11260eccbebe49b04c7cdad838d
ppc64le	freerdp-libs-2.11.7-9.el8_10.ppc64le.rpm	446da55b1180875dde258c511200abb5569d9dec8ccfbffab9763a5b7e525c73
ppc64le	libwinpr-devel-2.11.7-9.el8_10.ppc64le.rpm	90a7b9f14384aad66f5b8dd5543d6d3dde9c3ba73103efa8f51dbdb92950eeaa
ppc64le	libwinpr-2.11.7-9.el8_10.ppc64le.rpm	9c40cd1067f494c19abcfcd35e4bdee17d9ef66c7ffef6884a335716e27b36d8
ppc64le	freerdp-2.11.7-9.el8_10.ppc64le.rpm	a20bd1493b072c9c03c37bac71914450cd101a0299678b4aa90a2fc6b807dcde
s390x	freerdp-libs-2.11.7-9.el8_10.s390x.rpm	34c5b5a9711c699c60a10632c4b9b99a8872886a2e537f72b12c62fb3e8f9d0c
s390x	libwinpr-2.11.7-9.el8_10.s390x.rpm	4aefe20ee1a285bd12997dc6ad9b58ca15154433157ce981ea8bd524fe449e81
s390x	freerdp-2.11.7-9.el8_10.s390x.rpm	5ad314cc3b9f7bc5c3799a31ab0002afe683d4e1bfc706aa6182469b50254e94
s390x	libwinpr-devel-2.11.7-9.el8_10.s390x.rpm	91086844717d5f177c00067beec1b292d2c0234cc08e115a8e7196b309b72e53
s390x	freerdp-devel-2.11.7-9.el8_10.s390x.rpm	f11eeae7fc09aaeb662c580f38f7a30ca4f706d78b64e5dfe1aadd8ae83c55c1
x86_64	freerdp-libs-2.11.7-9.el8_10.x86_64.rpm	28edcaadb560e1a10b35830da4b125797a7e5d2a0e1a06c118f618df8fd1069e
x86_64	freerdp-devel-2.11.7-9.el8_10.x86_64.rpm	60f47ab13c0d412730a536a06c7a5290fc78877bb82167b045c0d3cd205151e9
x86_64	freerdp-2.11.7-9.el8_10.x86_64.rpm	6d9f46b3f13771c12e5f520a4298993396f5904594c334f17ea907ff7476e8bf
x86_64	libwinpr-2.11.7-9.el8_10.x86_64.rpm	ce9b1161fed6343005b596282cf215951b92c9d5677351c544cf88fa792e357d
x86_64	libwinpr-devel-2.11.7-9.el8_10.x86_64.rpm	f524a29cc8b7ae3847f9f2cefe26316a992f2303c92eb847672d168a042d372a

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.