ELSA-2026-16014

ULN >
Oracle Linux Errata repository >
ELSA-2026-16014

ELSA-2026-16014 - freerdp security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2026-05-11

Description

[2:3.10.3-5.8]
- Fix double free in xf_rail_window_common cleanup (CVE-2026-26986)
- Fix clipboard use-after-free during auto-reconnect (CVE-2026-25997)
- Fix heap-buffer-overflow in bitmap_cache_put (CVE-2026-29775)
- Add DSP format checks (CVE-2026-31884)
- Fix DSP array bounds checks (CVE-2026-31883)
- Fix DSP array bounds checks (CVE-2026-31885)
- Update PERSISTENT_CACHE_ENTRY::size after realloc (CVE-2026-33987)
- Update CLEAR_GLYPH_ENTRY::count after alloc (CVE-2026-33985)
- Use winpr_aligned_calloc in persistent cache (CVE-2026-33982)
Resolves: RHEL-159803, RHEL-159659, RHEL-161033, RHEL-161468
Resolves: RHEL-161504, RHEL-161071, RHEL-163653, RHEL-167791, RHEL-162930

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	freerdp-3.10.3-5.el10_1.8.src.rpm	4bb687f1d1c8ee2e5e19b93215f56566dc371c4c36569559d88ee351f9e41f32	-	ol10_aarch64_appstream
	freerdp-3.10.3-5.el10_1.8.src.rpm	4bb687f1d1c8ee2e5e19b93215f56566dc371c4c36569559d88ee351f9e41f32	-	ol10_aarch64_codeready_builder
	freerdp-3.10.3-5.el10_1.8.aarch64.rpm	3e2371fd76742ee5a77a80b9c3d2ca16a2734edbe610cc204832c016229db11d	-	ol10_aarch64_appstream
	freerdp-devel-3.10.3-5.el10_1.8.aarch64.rpm	218cd567f39976f753ddef68a5085b5518206408eea8fc89d674528f95fc8999	-	ol10_aarch64_codeready_builder
	freerdp-libs-3.10.3-5.el10_1.8.aarch64.rpm	a6613baef90cf0110213e6ec394418afe29d793c068439310e76e62f3b103190	-	ol10_aarch64_appstream
	freerdp-server-3.10.3-5.el10_1.8.aarch64.rpm	5c72dcbf1414ad7963a053f0208abd3f04ca83376b1f706f965406592c2f28ac	-	ol10_aarch64_codeready_builder
	libwinpr-3.10.3-5.el10_1.8.aarch64.rpm	fca7ca1cd4112009d557af7b8fd675caf369a60a3244774b06f511b104a5309b	-	ol10_aarch64_appstream
	libwinpr-devel-3.10.3-5.el10_1.8.aarch64.rpm	77f6639a36e39b677fd5631fbd3ef90eb9e9150c0f44e027ccf741a6f4df51d3	-	ol10_aarch64_codeready_builder

Oracle Linux 10 (x86_64)	freerdp-3.10.3-5.el10_1.8.src.rpm	4bb687f1d1c8ee2e5e19b93215f56566dc371c4c36569559d88ee351f9e41f32	-	ol10_x86_64_appstream
	freerdp-3.10.3-5.el10_1.8.src.rpm	4bb687f1d1c8ee2e5e19b93215f56566dc371c4c36569559d88ee351f9e41f32	-	ol10_x86_64_codeready_builder
	freerdp-3.10.3-5.el10_1.8.x86_64.rpm	52c37a1a7f69bbf0b14fa56c200887c5b075de8b4eda1e6ee1bc50140627ada0	-	ol10_x86_64_appstream
	freerdp-devel-3.10.3-5.el10_1.8.x86_64.rpm	a84ca6a00ad9bcabac6e04dde5d2b81b28c635fe1d6806dbc1856e1ccf3ecad2	-	ol10_x86_64_codeready_builder
	freerdp-libs-3.10.3-5.el10_1.8.x86_64.rpm	718e10b52f784e660072c213bd367dbd49cf27931cd14ba3ad610a5522565c48	-	ol10_x86_64_appstream
	freerdp-server-3.10.3-5.el10_1.8.x86_64.rpm	291ff878ff5b37baef16f3b28de76c9feab2979f68f3b5f0125861c35fb03440	-	ol10_x86_64_codeready_builder
	libwinpr-3.10.3-5.el10_1.8.x86_64.rpm	e9733a2024c3af2d7bb7a5838c9a91913f50694027b76c441a552111f8518f66	-	ol10_x86_64_appstream
	libwinpr-devel-3.10.3-5.el10_1.8.x86_64.rpm	5af29ade00bc1174364811fc829a9bce27f1dcb3f7d922ac9792c4d7c1712825	-	ol10_x86_64_codeready_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691