SUSE alert openSUSE-SU-2026:10459-1 (freerdp2)
| From: | null@suse.de | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:10459-1: moderate: freerdp2-2.11.7-6.1 on GA media | |
| Date: | Wed, 01 Apr 2026 17:37:31 +0200 | |
| Message-ID: | <20260401153731.E7942FDC6@maintenance.suse.de> | |
| Archive-link: | Article |
# freerdp2-2.11.7-6.1 on GA media Announcement ID: openSUSE-SU-2026:10459-1 Rating: moderate Cross-References: * CVE-2026-22855 * CVE-2026-22857 * CVE-2026-23533 * CVE-2026-23732 * CVE-2026-23883 * CVE-2026-23884 * CVE-2026-26271 * CVE-2026-26955 * CVE-2026-26965 * CVE-2026-31806 * CVE-2026-31883 * CVE-2026-31885 CVSS scores: * CVE-2026-22855 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-22855 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-22857 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-22857 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23533 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-23533 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23732 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-23732 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-23883 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23884 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-23884 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L * CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 12 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the freerdp2-2.11.7-6.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * freerdp2 2.11.7-6.1 * freerdp2-devel 2.11.7-6.1 * freerdp2-proxy 2.11.7-6.1 * freerdp2-server 2.11.7-6.1 * libfreerdp2-2 2.11.7-6.1 * libwinpr2-2 2.11.7-6.1 * winpr2-devel 2.11.7-6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-22855.html * https://www.suse.com/security/cve/CVE-2026-22857.html * https://www.suse.com/security/cve/CVE-2026-23533.html * https://www.suse.com/security/cve/CVE-2026-23732.html * https://www.suse.com/security/cve/CVE-2026-23883.html * https://www.suse.com/security/cve/CVE-2026-23884.html * https://www.suse.com/security/cve/CVE-2026-26271.html * https://www.suse.com/security/cve/CVE-2026-26955.html * https://www.suse.com/security/cve/CVE-2026-26965.html * https://www.suse.com/security/cve/CVE-2026-31806.html * https://www.suse.com/security/cve/CVE-2026-31883.html * https://www.suse.com/security/cve/CVE-2026-31885.html