Mageia alert MGASA-2026-0086 (freerdp)
| From: | Mageia Updates <updates-announce@ml.mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2026-0086: Updated freerdp packages fix security vulnerabilities | |
| Date: | Mon, 06 Apr 2026 19:36:38 +0200 | |
| Message-ID: | <20260406173638.7259CA0DE9@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2026-0086 - Updated freerdp packages fix security vulnerabilities Publication date: 06 Apr 2026 URL: https://advisories.mageia.org/MGASA-2026-0086.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-22852, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22859, CVE-2026-23732, CVE-2026-23883, CVE-2026-23884, CVE-2026-24491, CVE-2026-26271, CVE-2026-26955, CVE-2026-26965, CVE-2026-31806, CVE-2026-31883, CVE-2026-31885 Description: FreeRDP has a heap-buffer-overflow in audin_process_formats. (CVE-2026-22852) FreeRDP has a heap-buffer-overflow in drive_process_irp_read. (CVE-2026-22854) FreeRDP has a heap-buffer-overflow in smartcard_unpack_set_attrib_call. (CVE-2026-22855) FreeRDP has a heap-use-after-free in create_irp_thread. (CVE-2026-22856) FreeRDP has a heap-use-after-free in irp_thread_func. (CVE-2026-22857) FreeRDP has a heap-buffer-overflow in urb_select_configuration. (CVE-2026-22859) FreeRDP has heap-buffer-overflow in Glyph_Alloc. (CVE-2026-23732) Heap-use-after-free in update_pointer_new. (CVE-2026-23883) Heap-use-after-free in gdi_set_bounds. (CVE-2026-23884) FreeRDP has a heap-use-after-free in video_timer. (CVE-2026-24491) Buffer Overread in FreeRDP Icon Processing. (CVE-2026-26271) FreeRDP has Out-of-bounds Write. (CVE-2026-26955, CVE-2026-26965) FreeRDP has a Heap Buffer Overflow in nsc_process_message() via Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions. (CVE-2026-31806) FreeRDP has a `size_t` underflow in ADPCM decoder leads to heap-buffer-overflow write. (CVE-2026-31883) FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks. (CVE-2026-31885) References: - https://bugs.mageia.org/show_bug.cgi?id=35141 - https://lists.opensuse.org/archives/list/security-announc... - https://lists.fedoraproject.org/archives/list/package-ann... - https://lists.fedoraproject.org/archives/list/package-ann... - https://lists.opensuse.org/archives/list/security-announc... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3... SRPMS: - 9/core/freerdp-2.11.7-1.3.mga9