Security update for freerdp

Announcement ID:	SUSE-SU-2026:0656-1
Release Date:	2026-02-26T15:06:37Z
Rating:	important
References:	bsc#1256721 bsc#1256723 bsc#1256943 bsc#1256945 bsc#1256946 bsc#1256947
Cross-References:	CVE-2026-22855 CVE-2026-22857 CVE-2026-23533 CVE-2026-23732 CVE-2026-23883 CVE-2026-23884
CVSS scores:	CVE-2026-22855 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-22855 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2026-22855 ( NVD ): 5.6 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-22855 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2026-22857 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-22857 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-22857 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-22857 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-23533 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23533 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-23533 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-23533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-23732 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-23732 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2026-23732 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-23732 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-23883 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-23883 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-23883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-23884 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23884 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-23884 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2026-23884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	openSUSE Leap 15.4 SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Package Hub 15 15-SP7

An update that solves six vulnerabilities can now be installed.

Description:

This update for freerdp fixes the following issues:

• CVE-2026-22855: heap-buffer-overflow in smartcard_unpack_set_attrib_call (bsc#1256721).
• CVE-2026-22857: heap-use-after-free in irp_thread_func (bsc#1256723).
• CVE-2026-23533: improper validation can lead to heap buffer overflow in clear_decompress_residual_data (bsc#1256943).
• CVE-2026-23732: improper validation can lead to heap buffer overflow in Glyph_Alloc (bsc#1256945).
• CVE-2026-23883: use-after-free when update_pointer_color and freerdp_image_copy_from_pointer_data fail (bsc#1256946).
• CVE-2026-23884: use-after-free in gdi_set_bounds (bsc#1256947).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-656=1
• SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-656=1

Package List:

• openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  • winpr2-devel-2.4.0-150400.3.41.1
  • freerdp-server-debuginfo-2.4.0-150400.3.41.1
  • libuwac0-0-2.4.0-150400.3.41.1
  • freerdp-debugsource-2.4.0-150400.3.41.1
  • libwinpr2-2.4.0-150400.3.41.1
  • freerdp-proxy-2.4.0-150400.3.41.1
  • libfreerdp2-2.4.0-150400.3.41.1
  • libwinpr2-debuginfo-2.4.0-150400.3.41.1
  • freerdp-devel-2.4.0-150400.3.41.1
  • libuwac0-0-debuginfo-2.4.0-150400.3.41.1
  • freerdp-server-2.4.0-150400.3.41.1
  • freerdp-2.4.0-150400.3.41.1
  • freerdp-debuginfo-2.4.0-150400.3.41.1
  • freerdp-wayland-debuginfo-2.4.0-150400.3.41.1
  • freerdp-wayland-2.4.0-150400.3.41.1
  • uwac0-0-devel-2.4.0-150400.3.41.1
  • freerdp-proxy-debuginfo-2.4.0-150400.3.41.1
  • libfreerdp2-debuginfo-2.4.0-150400.3.41.1
• SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  • libwinpr2-2.4.0-150400.3.41.1
  • freerdp-debugsource-2.4.0-150400.3.41.1
  • libfreerdp2-2.4.0-150400.3.41.1
  • libwinpr2-debuginfo-2.4.0-150400.3.41.1
  • freerdp-debuginfo-2.4.0-150400.3.41.1
  • libfreerdp2-debuginfo-2.4.0-150400.3.41.1

References:

• https://www.suse.com/security/cve/CVE-2026-22855.html
• https://www.suse.com/security/cve/CVE-2026-22857.html
• https://www.suse.com/security/cve/CVE-2026-23533.html
• https://www.suse.com/security/cve/CVE-2026-23732.html
• https://www.suse.com/security/cve/CVE-2026-23883.html
• https://www.suse.com/security/cve/CVE-2026-23884.html
• https://bugzilla.suse.com/show_bug.cgi?id=1256721
• https://bugzilla.suse.com/show_bug.cgi?id=1256723
• https://bugzilla.suse.com/show_bug.cgi?id=1256943
• https://bugzilla.suse.com/show_bug.cgi?id=1256945
• https://bugzilla.suse.com/show_bug.cgi?id=1256946
• https://bugzilla.suse.com/show_bug.cgi?id=1256947