|
|
Log in / Subscribe / Register

Ubuntu alert USN-8004-2 (freerdp2)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8004-2] FreeRDP regression


Date:
              Mon, 09 Feb 2026 22:21:33 +0000


Message-ID:
              <E1vpZdN-0001HF-HF@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8004-2
February 08, 2026

freerdp2 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

USN-8004-1 introduced a regression in FreeRDP

Software Description:
- freerdp2: RDP client for Windows Terminal Services

Details:

USN-8004-1 fixed vulnerabilities in FreeRDP. The update for
CVE-2026-23533 introduced a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Kim Dong Han discovered that FreeRDP did not correctly validate the size of
certain variables, which could cause a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libfreerdp2-2t64                2.11.5+dfsg1-1ubuntu0.1~esm4
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libfreerdp2-2                   2.6.1+dfsg1-3ubuntu2.9

Ubuntu 20.04 LTS
  libfreerdp2-2                   2.6.1+dfsg1-0ubuntu0.20.04.2+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libfreerdp2-2                   2.2.0+dfsg1-0ubuntu0.18.04.4+esm4
                                  Available with Ubuntu Pro

After a standard system update you need to restart your session to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8004-2
  https://ubuntu.com/security/notices/USN-8004-1
  CVE-2026-23533, https://bugs.launchpad.net/bugs/2139694

Package Information:
  https://launchpad.net/ubuntu/+source/freerdp2/2.6.1+dfsg1...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmKXLgACgkQcpJm3tlz
hgGjvA//fhRF8S9IW9Fad91Fpzcapd2qp5Nel2PDHNt+ZupCuZbE3MSkDEY8/Nih
U3bBMZ7KuvMeXrj0Oahs0304mils/5XqHXB7QkuJQ+gHym9rQjsBb8QwmaQf1puz
27P1dLap7DxC8FgexGjA+Co5Lb6T/eWki8Ksah/VUt5as1a+gUyRVoQmsMe5RGs1
pTZATl/WIj9eIlc4eYmqNDzbBxGTRiWhtn1PGFHkwJ/zeXQ0pj0ioOyDZi6daSUm
ApTAba1OovprYKQy1gKKWnSScx4ZVIUGN9VJTGQ5DS7oC0DyEU8Bywa3P1PHuCj9
wjbeMrF/Mgj8SgdqB1AWU8DEbbKVqzv2YA486q94fMyWLQj881PcQpfWBLkkvIVx
SkbKecHKysxrVwN/aZgCPEZLBurLRZbmeZ9Z6pkeFOR7LzDQip0IAdj5kXcgkBFo
VUYEGATyOEhXW4r5R1AjGT8GmqonZNOJhIK1hZTa8zQ8oG98cHNeGYoGzgL4rCDk
yd9EIb1NAzKSUy/YFt17jEKYmVBZR6Wu2Dtz7QUU7xoVazLywFIcydAyLFDPsi+7
iOGatHXPJxMV7cCQktD4RAjyhZusH5JrKh4/CbZFGleCMn1FbsD69nD62PFvHU0a
0/ojIRPJwrQ5b7jyofvdjQhKTsc5OkWvMDyHtM7PnxZvhTyARWY=
=olLF
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds