ELSA-2026-19358

ULN >
Oracle Linux Errata repository >
ELSA-2026-19358

ELSA-2026-19358 - freerdp security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2026-06-23

Description

[2:2.11.7-7.3]
- Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952)
Resolves: RHEL-159860

[2:2.11.7-7.2]
- Fix double free in xf_rail_window_common cleanup (CVE-2026-26986)
- Fix growth of preallocated buffers (CVE-2026-27951)
- Fix heap-buffer-overflow in bitmap_cache_put (CVE-2026-29775)
- Add DSP format checks (CVE-2026-31884)
- Fix DSP array bounds checks (CVE-2026-31883)
- Fix DSP array bounds checks (CVE-2026-31885)
- Update CLEAR_GLYPH_ENTRY::count after alloc (CVE-2026-33985)
Resolves: RHEL-159816, RHEL-155478, RHEL-161047, RHEL-161482
Resolves: RHEL-161519, RHEL-161085, RHEL-168463

[2:2.11.7-7.1]
- Update CLEAR_VBAR_ENTRY size after alloc (CVE-2026-33984)
- Fail progressive_rfx_quant_sub on invalid values (CVE-2026-33983)
Resolves: RHEL-163097, RHEL-163113

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	freerdp-2.11.7-7.el9_8.3.src.rpm	84f777f7a2cd1188e7e615d549b85818217ae614c8b9d95a7aa9c4126d47122e	-	ol9_aarch64_appstream
	freerdp-2.11.7-7.el9_8.3.src.rpm	84f777f7a2cd1188e7e615d549b85818217ae614c8b9d95a7aa9c4126d47122e	-	ol9_aarch64_codeready_builder
	freerdp-2.11.7-7.el9_8.3.aarch64.rpm	cd6ac1334df09d6b334ffd2f0f8f956a84b3623987fdf470a15f192071f7830f	-	ol9_aarch64_appstream
	freerdp-devel-2.11.7-7.el9_8.3.aarch64.rpm	0dc20634c8047f10cff847601292d27ce550fbeedcd40351e5857caefb56a194	-	ol9_aarch64_codeready_builder
	freerdp-libs-2.11.7-7.el9_8.3.aarch64.rpm	cb117563a4b0404362de41f828e5167766b7d80f01255ddf4a84b56f9a31ad55	-	ol9_aarch64_appstream
	libwinpr-2.11.7-7.el9_8.3.aarch64.rpm	637daa64066bde5c631a9ac755d71b3f74cd31bddc90b4feb2346efdeeafce2d	-	ol9_aarch64_appstream
	libwinpr-devel-2.11.7-7.el9_8.3.aarch64.rpm	0addfeda187ccfc1a1a090eb9de968dbc74412d4dec3572e82c92fd63c3147a4	-	ol9_aarch64_codeready_builder

Oracle Linux 9 (x86_64)	freerdp-2.11.7-7.el9_8.3.src.rpm	84f777f7a2cd1188e7e615d549b85818217ae614c8b9d95a7aa9c4126d47122e	-	ol9_x86_64_appstream
	freerdp-2.11.7-7.el9_8.3.src.rpm	84f777f7a2cd1188e7e615d549b85818217ae614c8b9d95a7aa9c4126d47122e	-	ol9_x86_64_codeready_builder
	freerdp-2.11.7-7.el9_8.3.x86_64.rpm	35d75fdfd91f609d3b1e13b0614f504b4b9987c01d4c8aec688bca1f82a6becc	-	ol9_x86_64_appstream
	freerdp-devel-2.11.7-7.el9_8.3.i686.rpm	eceb93b34a406906b5b57ae36247b8f14de07d4168ba23c9b874978205be26b3	-	ol9_x86_64_codeready_builder
	freerdp-devel-2.11.7-7.el9_8.3.x86_64.rpm	126269ccfac12b080293cdf7dd04c1f79307a81bd0f8829a59c314d7e90f3abe	-	ol9_x86_64_codeready_builder
	freerdp-libs-2.11.7-7.el9_8.3.i686.rpm	73dbabef17923e275ec01fe8e6080ea6a4ad1b57d2123465055a4ea7faa69301	-	ol9_x86_64_appstream
	freerdp-libs-2.11.7-7.el9_8.3.x86_64.rpm	b06e523157ff2d2b3ea3c447407035807aaf97b4f688820def29e14121b2705e	-	ol9_x86_64_appstream
	libwinpr-2.11.7-7.el9_8.3.i686.rpm	600e8ae433256dfd6f378eaefaedb88a82b7de07c51477be39da6090a338f95f	-	ol9_x86_64_appstream
	libwinpr-2.11.7-7.el9_8.3.x86_64.rpm	a646ed2d9dbe9db51068eada5dd12813ce6067e6c6fdc82ff8b2bceb2a1d96ac	-	ol9_x86_64_appstream
	libwinpr-devel-2.11.7-7.el9_8.3.i686.rpm	493877a5e979a7097d9a50ce6d0a3b4280304ddb664ef9b129a4ff3ed65b8f64	-	ol9_x86_64_codeready_builder
	libwinpr-devel-2.11.7-7.el9_8.3.x86_64.rpm	8e2ebfd18bc19d3a0067c9ccc698b1ecd5754d88b7b4e3df73a0b2c38724f22f	-	ol9_x86_64_codeready_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691