Bug 35038 - freerdp new security issues CVE-2026-2353[0-4], CVE-2026-23948, CVE-2026-24491, CVE-2026-2467[5-9], CVE-2026-2468[0-4]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-32-OK MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 35141
Reported: 2026-01-19 15:41 CET by Nicolas Salguero
Modified: 2026-04-02 16:47 CEST

See Also:
Source RPM: freerdp-2.11.7-1.1.mga9.src.rpm
CVE: CVE-2026-23530, CVE-2026-23531, CVE-2026-23532, CVE-2026-23533, CVE-2026-23534, CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680, CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684
Status comment:


Description Nicolas Salguero 2026-01-19 15:41:27 CET
openSUSE has issued an advisory on January 18:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/F2VLQU7USVAQ733RYB7II6KGZB3FG2KW/
Nicolas Salguero 2026-01-19 15:42:24 CET

Source RPM: (none) => freerdp-2.11.7-1.1.mga9.src.rpm
Status comment: (none) => Fixed upstream in 3.20.2
CVE: (none) => CVE-2026-22851, CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859

Comment 1 Lewis Smith 2026-01-20 09:37:24 CET
We have 3.20.2 in Cauldron (even 3.21.0).
Assigning globally for doing Mageia 9.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2026-02-05 15:45:12 CET
openSUSE has issued an advisory on February 4:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3PECP75D65BGMOXX4VA6VFZW5A365UOB/

Summary: freerdp new security issues CVE-2026-2285[1-9] => freerdp new security issues CVE-2026-2285[1-9], CVE-2026-23948, CVE-2026-24491, CVE-2026-2467[5-9], CVE-2026-2468[0-4]
CVE: CVE-2026-22851, CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859 => CVE-2026-22851, CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859, CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680
Status comment: Fixed upstream in 3.20.2 => Fixed upstream in 3.22.0

Comment 4 Nicolas Salguero 2026-02-18 10:03:26 CET
Ubuntu has issued an advisory on February 16:
https://ubuntu.com/security/notices/USN-8042-1
Nicolas Salguero 2026-02-18 10:05:40 CET

Blocks: (none) => 35141

Nicolas Salguero 2026-02-18 10:09:44 CET

Summary: freerdp new security issues CVE-2026-2285[1-9], CVE-2026-23948, CVE-2026-24491, CVE-2026-2467[5-9], CVE-2026-2468[0-4] => freerdp new security issues CVE-2026-23948, CVE-2026-24491, CVE-2026-2467[5-9], CVE-2026-2468[0-4]
Blocks: 35141 => (none)
Status comment: Fixed upstream in 3.22.0 => (none)
CVE: CVE-2026-22851, CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859, CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680 => CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680, CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684

Comment 5 Nicolas Salguero 2026-02-18 10:10:26 CET
CVE-2026-2285[1-9] are in bug 35141.

Blocks: (none) => 35141

Comment 6 Nicolas Salguero 2026-02-18 10:21:30 CET
Ubuntu has issued an advisory on February 3:
https://ubuntu.com/security/notices/USN-8004-1

Summary: freerdp new security issues CVE-2026-23948, CVE-2026-24491, CVE-2026-2467[5-9], CVE-2026-2468[0-4] => freerdp new security issues CVE-2026-2353[0-4], CVE-2026-23948, CVE-2026-24491, CVE-2026-2467[5-9], CVE-2026-2468[0-4]
CVE: CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680, CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684 => CVE-2026-23530, CVE-2026-23531, CVE-2026-23532, CVE-2026-23533, CVE-2026-23534, CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680, CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684

Comment 7 Nicolas Salguero 2026-02-18 10:23:17 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

FreeRDP has heap-buffer-overflow in planar_decompress_plane_rle. (CVE-2026-23530)

FreeRDP has heap-buffer-overflow in clear_decompress. (CVE-2026-23531)

FreeRDP has heap-buffer-overflow in gdi_SurfaceToSurface. (CVE-2026-23532)

FreeRDP has heap-buffer-overflow in clear_decompress_residual_data. (CVE-2026-23533)

FreeRDP has heap-buffer-overflow in clear_decompress_bands_data. (CVE-2026-23534)

FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2(). (CVE-2026-23948)

FreeRDP has a heap-use-after-free in video_timer. (CVE-2026-24491)

FreeRDP has a heap-use-after-free in urb_select_interface. (CVE-2026-24675)

FreeRDP has a heap-use-after-free in audio_format_compatible. (CVE-2026-24676)

FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264. (CVE-2026-24677)

FreeRDP has a heap-use-after-free in cam_v4l_stream_capture_thread. (CVE-2026-24678)

FreeRDP has a heap-buffer-overflow in urb_select_interface. (CVE-2026-24679)

FreeRDP has a heap-use-after-free in update_pointer_new(SDL). (CVE-2026-24680)

FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb. (CVE-2026-24681)

FreeRDP has a heap-buffer-overflow in audio_formats_free. (CVE-2026-24682)

FreeRDP has a heap-use-after-free in ainput_send_input_event. (CVE-2026-24683)

FreeRDP has a heap-use-after-free in play_thread. (CVE-2026-24684)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3PECP75D65BGMOXX4VA6VFZW5A365UOB/
https://www.openwall.com/lists/oss-security/2026/02/09/8
https://www.openwall.com/lists/oss-security/2026/02/10/1
https://ubuntu.com/security/notices/USN-8004-1
https://ubuntu.com/security/notices/USN-8042-1
========================

Updated packages in core/updates_testing:
========================
freerdp-2.11.7-1.2.mga9
lib(64)freerdp2-2.11.7-1.2.mga9
lib(64)freerdp-devel-2.11.7-1.2.mga9

from SRPM:
freerdp-2.11.7-1.2.mga9.src.rpm

Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
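
Two checks a QA or security team might script for an update like the one above, added here as an example and not code from Mageia, the bug reporter, or the FreeRDP project: (1) expanding the bracket shorthand used in the bug summary (CVE-2026-2353[0-4] and friends) and confirming it matches the explicit CVE field, and (2) deciding whether an installed package is at or above the fixed build using rpm's own version ordering rather than plain string comparison (a string compare would rank release 1.9 above 1.10). The version-ordering function is a port of the algorithm in rpm's rpmvercmp.c; the summary, CVE list and package names are taken from this page, the sample `rpm -q` output is constructed, and treating the epoch as 0 on both sides is an assumption (the freerdp package here shows no epoch).

```python
import re

# Values copied from this bug report (summary, CVE field, updated packages).
SUMMARY = ("freerdp new security issues CVE-2026-2353[0-4], CVE-2026-23948, "
           "CVE-2026-24491, CVE-2026-2467[5-9], CVE-2026-2468[0-4]")
CVE_FIELD = ("CVE-2026-23530, CVE-2026-23531, CVE-2026-23532, CVE-2026-23533, "
             "CVE-2026-23534, CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, "
             "CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, "
             "CVE-2026-24680, CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, "
             "CVE-2026-24684")
# 64-bit names; on i586 the library package is libfreerdp2 instead.
FIXED_NVRS = ["freerdp-2.11.7-1.2.mga9", "lib64freerdp2-2.11.7-1.2.mga9",
              "lib64freerdp-devel-2.11.7-1.2.mga9"]
ARCHES = (".x86_64", ".i586", ".noarch")


def expand_cve_shorthand(text):
    """Expand 'CVE-2026-2467[5-9]' into CVE-2026-24675..CVE-2026-24679.
    Plain CVE ids (no bracket) are returned unchanged, so the same function
    parses the explicit CVE field."""
    out = []
    for year, prefix, lo, hi in re.findall(r"CVE-(\d{4})-(\d+)(?:\[(\d)-(\d)\])?", text):
        if lo == "":
            out.append(f"CVE-{year}-{prefix}")
        else:
            out.extend(f"CVE-{year}-{prefix}{d}" for d in range(int(lo), int(hi) + 1))
    return out


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1 for a<b, a==b, a>b."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # Separators (anything not alphanumeric, '~' or '^') are skipped.
        while i < la and not a[i].isalnum() and a[i] not in "~^":
            i += 1
        while j < lb and not b[j].isalnum() and b[j] not in "~^":
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        # '~' sorts before everything, including end of string (1.0~rc1 < 1.0).
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        # '^' sorts before everything except end of string (1.0^post1 > 1.0).
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        # Take the next all-digit or all-alpha segment from each side.
        si, sj = i, j
        isnum = ca.isdigit()
        if isnum:
            while i < la and a[i].isdigit():
                i += 1
            while j < lb and b[j].isdigit():
                j += 1
        else:
            while i < la and a[i].isalpha():
                i += 1
            while j < lb and b[j].isalpha():
                j += 1
        sa, sb = a[si:i], b[sj:j]
        if not sb:  # segment types differ: numeric beats alpha
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):  # longer number is larger (10 > 9)
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1


def split_nvr(nvr):
    """Split 'name-version-release[.arch]' into (name, version, release)."""
    for arch in ARCHES:
        if nvr.endswith(arch):
            nvr = nvr[: -len(arch)]
            break
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(installed_nvr, fixed_nvr):
    """True when the installed build is at or above the fixed build.
    Epoch is assumed 0 on both sides (no epoch appears on this page)."""
    ni, vi, ri = split_nvr(installed_nvr)
    nf, vf, rf = split_nvr(fixed_nvr)
    if ni != nf:
        raise ValueError(f"package name mismatch: {ni} vs {nf}")
    return (rpmvercmp(vi, vf) or rpmvercmp(ri, rf)) >= 0


def unpatched(installed, fixed=FIXED_NVRS):
    """Return the installed NVRs still below their fixed build. `installed` is
    what `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\\n' <pkgs>` prints."""
    fixed_by_name = {split_nvr(f)[0]: f for f in fixed}
    return [nvr for nvr in installed
            if split_nvr(nvr)[0] in fixed_by_name
            and not is_fixed(nvr, fixed_by_name[split_nvr(nvr)[0]])]


if __name__ == "__main__":
    diff = set(expand_cve_shorthand(SUMMARY)) ^ set(expand_cve_shorthand(CVE_FIELD))
    print("summary/CVE field mismatch:", sorted(diff) or "none")
    # Constructed rpm -q output for a host that only updated the library package.
    host = ["freerdp-2.11.7-1.1.mga9.x86_64", "lib64freerdp2-2.11.7-1.2.mga9.x86_64"]
    print("still unpatched:", unpatched(host))
```

`unpatched()` only reports packages it has a fixed build for, so feeding it the full `rpm -qa` output is safe; anything not named in the advisory is ignored rather than flagged.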

katnatek 2026-02-18 20:19:03 CET

Keywords: (none) => advisory

Comment 8 Brian Rockwell 2026-02-19 22:25:25 CET
MGA9-32, Xfce

The following 2 packages are going to be installed:

- freerdp-2.11.7-1.2.mga9.i586
- libfreerdp2-2.11.7-1.2.mga9.i586

1.1MB of additional disk space will be used.


I ran xfreerdp from terminal with both regular and full screen mode.

Worked as expected.

Whiteboard: (none) => MGA9-32-OK
CC: (none) => brtians1

Comment 9 Brian Rockwell 2026-02-21 04:32:15 CET
MGA9-64, Xfce, APU


The following 2 packages are going to be installed:

- freerdp-2.11.7-1.2.mga9.x86_64
- lib64freerdp2-2.11.7-1.2.mga9.x86_64

84B of additional disk space will be used.

---

ran xfreerdp -f <ip>

Worked without issue

Whiteboard: MGA9-32-OK => MGA9-32-OK MGA9-64-OK

Comment 10 Thomas Andrews 2026-02-21 20:14:54 CET
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 11 Mageia Robot 2026-02-22 01:55:12 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0046.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Nicolas Salguero 2026-04-02 16:44:51 CEST

Blocks: (none) => 35315

Nicolas Salguero 2026-04-02 16:47:09 CEST

Blocks: 35315 => (none)
