Security update for freerdp

Announcement ID:	SUSE-SU-2026:0421-1
Release Date:	2026-02-10T15:28:57Z
Rating:	important
References:	bsc#1256718 bsc#1256720 bsc#1256722 bsc#1256725 bsc#1256940 bsc#1256941 bsc#1256942 bsc#1256944
Cross-References:	CVE-2026-22852 CVE-2026-22854 CVE-2026-22856 CVE-2026-22859 CVE-2026-23530 CVE-2026-23531 CVE-2026-23532 CVE-2026-23534
CVSS scores:	CVE-2026-22852 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-22852 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-22852 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-22852 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-22854 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-22854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-22854 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-22854 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-22856 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-22856 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-22856 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-22856 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-22859 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-22859 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2026-22859 ( NVD ): 5.6 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-22859 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2026-23530 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-23530 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-23530 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-23531 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23531 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-23531 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-23531 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-23532 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23532 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-23532 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-23532 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-23534 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23534 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-23534 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-23534 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	openSUSE Leap 15.4 SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Package Hub 15 15-SP7

An update that solves eight vulnerabilities can now be installed.

Description:

This update for freerdp fixes the following issues:

• CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audin_process_formats (bsc#1256718).
• CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in drive_process_irp_read (bsc#1256720).
• CVE-2026-22856: race condition in the serial channel IRP thread tracking can cause heap-use-after-free in create_irp_thread(bsc#1256722).
• CVE-2026-22859: improper bound check can lead to heap-buffer-overflow in urb_select_configuration (bsc#1256725).
• CVE-2026-23530: improper validation can lead to heap buffer overflow in planar_decompress_plane_rle (bsc#1256940).
• CVE-2026-23531: improper validation in clear_decompress can lead to heap buffer overflow (bsc#1256941).
• CVE-2026-23532: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer overflow in gdi_SurfaceToSurface (bsc#1256942).
• CVE-2026-23534: missing checks can lead to heap buffer overflow in clear_decompress_bands_data (bsc#1256944).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-421=1
• openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-421=1

Package List:

• SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  • libwinpr2-2.4.0-150400.3.35.1
  • freerdp-debugsource-2.4.0-150400.3.35.1
  • libfreerdp2-2.4.0-150400.3.35.1
  • libfreerdp2-debuginfo-2.4.0-150400.3.35.1
  • libwinpr2-debuginfo-2.4.0-150400.3.35.1
  • freerdp-debuginfo-2.4.0-150400.3.35.1
• openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  • freerdp-wayland-debuginfo-2.4.0-150400.3.35.1
  • freerdp-2.4.0-150400.3.35.1
  • winpr2-devel-2.4.0-150400.3.35.1
  • libwinpr2-2.4.0-150400.3.35.1
  • freerdp-debugsource-2.4.0-150400.3.35.1
  • libfreerdp2-2.4.0-150400.3.35.1
  • freerdp-server-debuginfo-2.4.0-150400.3.35.1
  • libfreerdp2-debuginfo-2.4.0-150400.3.35.1
  • freerdp-proxy-2.4.0-150400.3.35.1
  • libwinpr2-debuginfo-2.4.0-150400.3.35.1
  • freerdp-proxy-debuginfo-2.4.0-150400.3.35.1
  • freerdp-debuginfo-2.4.0-150400.3.35.1
  • freerdp-devel-2.4.0-150400.3.35.1
  • freerdp-server-2.4.0-150400.3.35.1
  • freerdp-wayland-2.4.0-150400.3.35.1
  • libuwac0-0-2.4.0-150400.3.35.1
  • uwac0-0-devel-2.4.0-150400.3.35.1
  • libuwac0-0-debuginfo-2.4.0-150400.3.35.1

References:

• https://www.suse.com/security/cve/CVE-2026-22852.html
• https://www.suse.com/security/cve/CVE-2026-22854.html
• https://www.suse.com/security/cve/CVE-2026-22856.html
• https://www.suse.com/security/cve/CVE-2026-22859.html
• https://www.suse.com/security/cve/CVE-2026-23530.html
• https://www.suse.com/security/cve/CVE-2026-23531.html
• https://www.suse.com/security/cve/CVE-2026-23532.html
• https://www.suse.com/security/cve/CVE-2026-23534.html
• https://bugzilla.suse.com/show_bug.cgi?id=1256718
• https://bugzilla.suse.com/show_bug.cgi?id=1256720
• https://bugzilla.suse.com/show_bug.cgi?id=1256722
• https://bugzilla.suse.com/show_bug.cgi?id=1256725
• https://bugzilla.suse.com/show_bug.cgi?id=1256940
• https://bugzilla.suse.com/show_bug.cgi?id=1256941
• https://bugzilla.suse.com/show_bug.cgi?id=1256942
• https://bugzilla.suse.com/show_bug.cgi?id=1256944