Issued:: 2026-02-23
Updated:: 2026-02-23

RHSA-2026:3039 - Security Advisory

Overview
Updated Packages

Synopsis

Important: freerdp security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for freerdp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server. (CVE-2026-23530)
freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability (CVE-2026-23884)
freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution (CVE-2026-23533)
freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution. (CVE-2026-23531)
freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow (CVE-2026-23532)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2430877 - CVE-2026-23530 freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.
BZ - 2430880 - CVE-2026-23884 freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability
BZ - 2430886 - CVE-2026-23533 freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution
BZ - 2430887 - CVE-2026-23531 freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution.
BZ - 2430891 - CVE-2026-23532 freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
freerdp-2.0.0-46.rc4.el8_2.6.src.rpm	SHA-256: add6483d8928c207bab92c9d15af2f187542d87942589c0c96df6ac605c3c28e
x86_64
freerdp-2.0.0-46.rc4.el8_2.6.x86_64.rpm	SHA-256: 60fbdde6c94dcbb5f1aeafcf36693ed0479994f059d4c09fecd6e3d89ec361e9
freerdp-debuginfo-2.0.0-46.rc4.el8_2.6.i686.rpm	SHA-256: fc2ddd9a21324a53941b8449a93ef54bd2c4fdae7aec2fcbcff4047d83737c6d
freerdp-debuginfo-2.0.0-46.rc4.el8_2.6.x86_64.rpm	SHA-256: af384e296dedfaecf1a971559e66dac134e8d275d7c31fe217521fdcf5b21f17
freerdp-debugsource-2.0.0-46.rc4.el8_2.6.i686.rpm	SHA-256: 7d4a9f7a079cfeea12d38da5c32435870e729206a5b6b7f898c1b6137e56602f
freerdp-debugsource-2.0.0-46.rc4.el8_2.6.x86_64.rpm	SHA-256: 8e4450d0821c227afd0645ec856f346f5c38959e1171a736992a85214da774bc
freerdp-libs-2.0.0-46.rc4.el8_2.6.i686.rpm	SHA-256: 498c6bd697a9e5e6ecdf2bd7c221c2f5baba356ea61c71f73b2f06613197ca9b
freerdp-libs-2.0.0-46.rc4.el8_2.6.x86_64.rpm	SHA-256: 61f403f16d001de053fa05bfe3531e19967faa62e2921271cb3a767e7c6cf982
freerdp-libs-debuginfo-2.0.0-46.rc4.el8_2.6.i686.rpm	SHA-256: 9768000ab131143fc8352c3fee615103e36f9eabd5806fcb5c50a92181b4789f
freerdp-libs-debuginfo-2.0.0-46.rc4.el8_2.6.x86_64.rpm	SHA-256: 3337de7cd01fd74b9766c3ebd23b37e4f27e58735755d1ec51cca5ae34b73b72
libwinpr-2.0.0-46.rc4.el8_2.6.i686.rpm	SHA-256: 18dbd73a1203f007c3ba52109106ad147d11e72acd39ce375b889425acaa7924
libwinpr-2.0.0-46.rc4.el8_2.6.x86_64.rpm	SHA-256: 32faa618db4785024bb4d8dba31af74c81a1d6ef409ea00a5be927bc7449b125
libwinpr-debuginfo-2.0.0-46.rc4.el8_2.6.i686.rpm	SHA-256: 0b60f46264a9215545793ba1dff0c8937db930692f57a6f1d678e723f5212f06
libwinpr-debuginfo-2.0.0-46.rc4.el8_2.6.x86_64.rpm	SHA-256: e010afd2ab964230f5957f8e0251c5deded065594e4e1b680dbbd5c9f5833c2d
libwinpr-devel-2.0.0-46.rc4.el8_2.6.i686.rpm	SHA-256: 6e7c00446ae99ca205b7725842f4870f0a35fef68a97d135ebc5efebca97b663
libwinpr-devel-2.0.0-46.rc4.el8_2.6.x86_64.rpm	SHA-256: 51cc8812a14843cbb9fbed4119405c53e1f46cb02c437e61b02b7b65d82beeba

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation