Security update for freerdp

Announcement ID: SUSE-SU-2026:21436-1
Release Date: 2026-04-30T16:52:03Z
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2026-25941 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
  • CVE-2026-25941 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  • CVE-2026-25941 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  • CVE-2026-25941 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  • CVE-2026-25942 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-25942 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2026-25942 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-25942 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-25952 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-25952 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2026-25952 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-25952 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-25953 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-25953 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2026-25953 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-25953 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-25954 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-25954 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2026-25954 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-25954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-25955 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-25955 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2026-25955 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-25955 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-25959 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-25959 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-25959 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-25959 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-25997 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-25997 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-25997 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-25997 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-26271 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-26271 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2026-26955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2026-26965 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2026-29774 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-29774 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2026-29774 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2026-29774 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE-2026-29775 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-29775 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2026-29775 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2026-29775 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE-2026-29776 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-29776 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2026-29776 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2026-31806 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • CVE-2026-31883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-31883 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • CVE-2026-31884 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-31884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2026-31884 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-31884 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
  • CVE-2026-31885 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • CVE-2026-31885 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
  • CVE-2026-31897 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-31897 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2026-31897 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • CVE-2026-31897 ( NVD ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
  • CVE-2026-33952 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-33952 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-33952 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-33952 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-33952 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-33977 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-33977 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-33977 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2026-33977 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-33982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • CVE-2026-33982 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  • CVE-2026-33982 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  • CVE-2026-33983 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-33983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-33983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-33984 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-33984 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2026-33984 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2026-33985 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2026-33985 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
  • CVE-2026-33985 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
  • CVE-2026-33985 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
  • CVE-2026-33986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2026-33986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2026-33987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  • CVE-2026-33987 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
  • CVE-2026-33987 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
  • CVE-2026-33995 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2026-33995 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
  • SUSE Linux Enterprise Server 16.0
  • SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 28 vulnerabilities can now be installed.

Description:

This update for freerdp fixes the following issues:

Update to version 3.24.2.

Security issues fixed:

  • CVE-2026-25941: out-of-bounds read in the FreeRDP client RDPGFX channel (bsc#1258919).
  • CVE-2026-25942: buffer overflow of global array in xf_rail_server_execute_result (bsc#1258920).
  • CVE-2026-25952: heap use-after-free in xf_SetWindowMinMaxInfo (bsc#1258921).
  • CVE-2026-25953: heap use-after-free in xf_AppUpdateWindowFromSurface (bsc#1258923).
  • CVE-2026-25954: heap use-after-free in xf_rail_server_local_move_size (bsc#1258924).
  • CVE-2026-25955: heap use-after-free in xf_AppUpdateWindowFromSurface (bsc#1258973).
  • CVE-2026-25959: heap use-after-free in xf_cliprdr_provide_data_ (bsc#1258976).
  • CVE-2026-25997: heap use-after-free in xf_clipboard_format_equal (bsc#1258977).
  • CVE-2026-26271: buffer overread in FreeRDP icon processing (bsc#1258979).
  • CVE-2026-26955: out-of-bounds write in FreeRDP clients using the GDI surface pipeline (bsc#1258982).
  • CVE-2026-26965: out-of-bounds write in FreeRDP client RLE planar decode path (bsc#1258985).
  • CVE-2026-29774: heap buffer overflow in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path (bsc#1259689).
  • CVE-2026-29775: out-of-bounds access in the FreeRDP client bitmap cache subsystem (bsc#1259684).
  • CVE-2026-29776: integer underflow in update_read_cache_bitmap_order (bsc#1259692).
  • CVE-2026-31806: heap buffer overflow in nsc_process_message (bsc#1259653).
  • CVE-2026-31883: heap buffer overwrite due to a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders (bsc#1259679).
  • CVE-2026-31884: division by zero in MS-ADPCM and IMA-ADPCM decoders (bsc#1259680).
  • CVE-2026-31885: out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders (bsc#1259686).
  • CVE-2026-31897: out-of-bounds read in freerdp_bitmap_decompress_planar (bsc#1259693).
  • CVE-2026-33952: client-side crash due to WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks() (bsc#1261196).
  • CVE-2026-33977: client-side crash due to WINPR_ASSERT() failure in IMA ADPCM audio decoder (bsc#1261198).
  • CVE-2026-33982: heap buffer overread in in winpr_aligned_offset_recalloc (bsc#1261222).
  • CVE-2026-33983: undefined behavior and resource exhaustion via 80 billion iteration loop in progressive_decompress_tile_upgrade (bsc#1261200).
  • CVE-2026-33984: heap buffer overflow in ClearCodec resize_vbar_entry (bsc#1261211).
  • CVE-2026-33985: heap out-of-bounds read in clear_decompress_glyph_data (bsc#1261217).
  • CVE-2026-33986: heap out-of-bounds write due to H.264 YUV buffer dimension desync (bsc#1261223).
  • CVE-2026-33987: heap out-of-bounds write due to persistent cache bmpSize desync (bsc#1261226).
  • CVE-2026-33995: double-free vulnerability in kerberos_AcceptSecurityContext and kerberos_InitializeSecurityContextA (bsc#1261227).

Other updates and bugfixes:

  • Version 3.24.2:
  • [channels,video] fix wrong cast (#12511)
  • [codec,openh264] reject encoder ABI mismatch on runtime-loaded library (#12510)
  • [client,sdl] create a copy of rdpPointer (#12512)
  • [codec,video] properly pass intermediate format (#12518)
  • [utils, signal] lazily initialize Windows CRITICAL_SECTION to match POSIX static mutex behavior (#12520) winpr: improve libunwind backtraces (#12530)
  • [server,shadow] remember selected caps (#12528)
  • Zero credential data before free in NLA and NTLM context (#12532)
  • [server,proxy] ignore missing client in input channel (#12536)
  • [server,proxy] ignore rdpdr messages (#12537)
  • [winpr,sspi] improve kerberos logging (#12538)

  • Codec fixes (#12542)

  • Version 3.24.1:

  • [warnings] fix various sign and cast warnings (#12480)
  • [client,x11] start with xfc->remote_app = TRUE; (#12491)
  • Sam file read regression fix (#12484)
  • [ncrypt,smartcardlogon] support ECC keys in PKCS#11 smartcard enumeration (#12490)
  • Fix: memory leak in rdp_client_establish_keys() (#12494)
  • Fix memory leak in freerdp_settings_int_buffer_copy() on error paths (libfreerdp/core/settings.c) (#12486)
  • Code Cleanups (#12493)
  • Fix: memory leak in PCSC_SCardListReadersW() (#12495)
  • [channels,telemetry] use dynamic logging (#12496)
  • [channel,gfx] use generic plugin log (@12498, #12499)
  • [channels,audin] set error when audio_format_read fails (#12500)
  • [channels,video] unify error handling (#12502)
  • Fastpath fine grained lock (#12503)
  • [core,update] make the PlaySound callback non-mandatory (#12504)

  • Refinements: RPM build updates, FIPS improvements (#12506)

  • Version 3.24.0:

  • Completed the [[nodiscard]] marking of the API to warn about problematic
  • unchecked use of functions
  • Added full C23 support (default stays at C11) to allow new compilers
  • to do stricter checking
  • Improved X11 and SDL3 clients
  • Improved smartcard support
  • proxy now supports RFX graphics mode
  • Attribute nodiscard related chanes (#12325, #12360, #12395, #12406, #12421, #12426, #12177, #12403, #12405, #12407, #12409, #12408, #12412, #12413)
  • c23 related improvements (#12368, #12371, #12379, #12381, #12383, #12385, #12386, #12387, #12384)
  • Generic code cleanups (#12382, #12439, #12455, #12462, #12399, #12473) [core,utils] ignore NULL values in remove_rdpdr_type (#12372)
  • [codec,fdk] revert use of WinPR types (#12373)
  • [core,gateway] ignore incomplete rpc header (#12375, #12376)
  • [warnings] make function declaration names consistent (#12377)
  • [libfreerdp] Add new define for logon error info (#12380)
  • [client,x11] improve rails window locking (#12392)
  • Reload fix missing null checks (#12396)
  • Bounds checks (#12400)
  • [server,proxy] check for nullptr before using scard_call_context (#12404)
  • [uwac] fix rectangular glitch around surface damage regions (#12410)
  • Address various error handling inconsistencies (#12411)
  • [core,server] Improve WTS API locking (#12414)
  • Address some GCC compile issues (#12415, #12420)
  • Winpr atexit (#12416)
  • [winpr,smartcard] fix function pointer casts (#12422)
  • Xf timer fix (#12423)
  • [client,sdl] workaround for wlroots compositors (#12425)
  • [client,sdl] fix SdlWindow::query (#12378)
  • [winpr,smartcard] fix PCSC_ReleaseCardContext (#12427)
  • [client,x11] eliminate obsolete compile flags (#12428)
  • [client,common] skip sending input events when not connected (#12429)
  • Input connected checks (#12430)
  • Floatbar and display channel improvements (#12431)
  • [winpr,platform] fix WINPR_ATTR_NODISCARD definition (#12432)
  • [client] Fix writing of gatewayusagemethod to .rdp files (#12433)
  • Nodiscard finetune (#12435)
  • [core] fix missing gateway credential sync (#12436)
  • [client,sdl3] limit FREERDP_WLROOTS_HACK (#12441)
  • [core,settings] Allow FreeRDP_instance in setter (#12442)
  • [codec,h264] make log message trace (#12444)
  • X11 rails improve (#12440)
  • [codec,nsc] limit copy area in nsc_process_message (#12448)
  • Proxy support RFX and NSC settings (#12449)
  • [client,common] display a shortened help on parsing issues (#12450)
  • [winpr,smartcard] refine locking for pcsc layer (#12451)
  • [codec,swscale] allow runtime loading of swscale (#12452)
  • Swscale fallback (#12454)
  • Sdl multi scaling support (#12456)
  • [packaging,flatpak] update runtime and dependencies (#12457)
  • [codec,video] add doxygen version details (#12458)
  • [github,templates] update templates (#12460)
  • [client,sdl] allow FREERDP_WLROOTS_HACK for all sessions (#12461)
  • [warnings,nodiscard] add log messages for failures (#12463)
  • [gdi,gdi] ignore empty rectangles (#12467)
  • Smartcard fix smartcard-login, pass rdpContext for abort (#12466)
  • [winpr,smartcard] fix compiler warnings (#12469)
  • [winpr,timezone] fix search for transition dates (#12468)
  • [client,common] improve /p help (#12471)
  • Scard logging refactored (#12472)
  • [emu,scard] fix smartcard emulation (#12475)

  • Sdl null cursor (#12474)

  • Version 3.23.0:

  • Sdl cleanup (#12202)
  • [client,sdl] do not apply window offset (#12205)
  • [client,sdl] add SDL_Error to exceptions (#12214)
  • Rdp monitor log (#12215)
  • [winpr,smartcard] implement some attributes (#12213)
  • [client,windows] Fix return value checks for mouse event functions (#12279)
  • [channels,rdpecam] fix sws context checks (#12272)
  • [client,windows] Enhance error handling and context validation (#12264)
  • [client,windows] Add window handle validation in RDP_EVENT_TYPE_WINDOW_NEW (#12261)
  • [client,sdl] fix multimon/fullscreen on wayland (#12248)
  • Vendor by app (#12207)
  • [core,gateway] relax TSG parsing (#12283)
  • [winpr,smartcard] simplify PCSC_ReadDeviceSystemName (#12273)
  • [client,windows] Implement complete keyboard indicator synchronization (#12268)
  • Fixes more more more (#12286)
  • Use application details for names (#12285)
  • warning cleanups (#12289)
  • Warning cleanup (#12291)
  • [client,windows] Enhance memory safety with NULL checks and resource protection (#12271)
  • [client,x11] apply /size:xx% only once (#12293)
  • Freerdp config test (#12295)
  • [winpr,smartcard] fix returned attribute length (#12296)
  • [client,SDL3] Fix properly handle smart-sizing with fullscreen (#12298)
  • [core,test] fix use after free (#12299)
  • Sign warnings (#12300)
  • [cmake,compiler] disable -Wjump-misses-init (#12301)
  • [codec,color] fix input length checks (#12302)
  • [client,sdl] improve cursor updates, fix surface sizes (#12303)
  • Sdl fullscreen (#12217)
  • [client,sdl] fix move constructor of SdlWindow (#12305)
  • [utils,smartcard] check stream length on padding (#12306)
  • [android] Fix invert scrolling default value mismatch (#12309)
  • Clear fix bounds checks (#12310)
  • Winpr attr nodiscard fkt ptr (#12311)
  • [codec,planar] fix missing destination bounds checks (#12312)
  • [codec,clear] fix destination checks (#12315)
  • NSC Codec fixes (#12317)
  • Freerdp api nodiscard (#12313)
  • [allocations] fix growth of preallocated buffers (#12319)
  • Rdpdr simplify (#12320)
  • Resource fix (#12323)
  • [winpr,utils] ensure message queue capacity (#12322)
  • [server,shadow] fix return and parameter checks (#12330)
  • Shadow fixes (#12331)
  • [rdtk,nodiscard] mark rdtk API nodiscard (#12329)
  • [client,x11] fix XGetWindowProperty return handling (#12334)
  • Win32 signal (#12335)
  • [channel,usb] fix message parsing and creation (#12336)
  • [cmake] Define WINPR_DEFINE_ATTR_NODISCARD (#12338)
  • Proxy config fix (#12345)
  • [codec,progressive] refine progressive decoding (#12347)
  • [client,sdl] fix sdl_Pointer_New (#12350)
  • [core,gateway] parse [MS-TSGU] 2.2.10.5 HTTP_CHANNEL_RESPONSE_OPTIONAL (#12353)
  • X11 kbd sym (#12354)
  • Windows compile warning fixes (#12357,#12358,#12359)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-663=1
  • SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-663=1

Package List:

  • SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    • freerdp-debuginfo-3.24.2-160000.1.1
    • libuwac0-0-debuginfo-3.24.2-160000.1.1
    • freerdp-server-3.24.2-160000.1.1
    • libwinpr3-3-debuginfo-3.24.2-160000.1.1
    • freerdp-server-debuginfo-3.24.2-160000.1.1
    • freerdp-proxy-plugins-3.24.2-160000.1.1
    • freerdp-wayland-3.24.2-160000.1.1
    • libfreerdp-server-proxy3-3-3.24.2-160000.1.1
    • winpr-devel-3.24.2-160000.1.1
    • freerdp-proxy-plugins-debuginfo-3.24.2-160000.1.1
    • freerdp-3.24.2-160000.1.1
    • freerdp-proxy-debuginfo-3.24.2-160000.1.1
    • freerdp-wayland-debuginfo-3.24.2-160000.1.1
    • freerdp-sdl-3.24.2-160000.1.1
    • freerdp-devel-3.24.2-160000.1.1
    • libfreerdp3-3-debuginfo-3.24.2-160000.1.1
    • librdtk0-0-3.24.2-160000.1.1
    • librdtk0-0-debuginfo-3.24.2-160000.1.1
    • libfreerdp-server-proxy3-3-debuginfo-3.24.2-160000.1.1
    • freerdp-sdl-debuginfo-3.24.2-160000.1.1
    • libuwac0-0-3.24.2-160000.1.1
    • libfreerdp3-3-3.24.2-160000.1.1
    • libwinpr3-3-3.24.2-160000.1.1
    • freerdp-proxy-3.24.2-160000.1.1
    • freerdp-debugsource-3.24.2-160000.1.1
  • SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    • freerdp-debuginfo-3.24.2-160000.1.1
    • libuwac0-0-debuginfo-3.24.2-160000.1.1
    • freerdp-server-3.24.2-160000.1.1
    • libwinpr3-3-debuginfo-3.24.2-160000.1.1
    • freerdp-server-debuginfo-3.24.2-160000.1.1
    • freerdp-proxy-plugins-3.24.2-160000.1.1
    • freerdp-wayland-3.24.2-160000.1.1
    • libfreerdp-server-proxy3-3-3.24.2-160000.1.1
    • winpr-devel-3.24.2-160000.1.1
    • freerdp-proxy-plugins-debuginfo-3.24.2-160000.1.1
    • freerdp-3.24.2-160000.1.1
    • freerdp-proxy-debuginfo-3.24.2-160000.1.1
    • freerdp-wayland-debuginfo-3.24.2-160000.1.1
    • freerdp-sdl-3.24.2-160000.1.1
    • freerdp-devel-3.24.2-160000.1.1
    • libfreerdp3-3-debuginfo-3.24.2-160000.1.1
    • librdtk0-0-3.24.2-160000.1.1
    • librdtk0-0-debuginfo-3.24.2-160000.1.1
    • libfreerdp-server-proxy3-3-debuginfo-3.24.2-160000.1.1
    • freerdp-sdl-debuginfo-3.24.2-160000.1.1
    • libuwac0-0-3.24.2-160000.1.1
    • libfreerdp3-3-3.24.2-160000.1.1
    • libwinpr3-3-3.24.2-160000.1.1
    • freerdp-proxy-3.24.2-160000.1.1
    • freerdp-debugsource-3.24.2-160000.1.1

References: