Bug 35141 - freerdp new security issues CVE-2026-2285[245679], CVE-2026-23732, CVE-2026-2388[34], CVE-2026-24491, CVE-2026-26271, CVE-2026-26955, CVE-2026-26965, CVE-2026-31806, CVE-2026-3188[35]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on: 35038
Blocks: 35315
Reported: 2026-02-18 10:05 CET by Nicolas Salguero
Modified: 2026-04-06 19:36 CEST (History)

See Also:
Source RPM: freerdp-2.11.7-1.2.mga9.src.rpm
CVE: CVE-2026-2285[245679], CVE-2026-23732, CVE-2026-2388[34], CVE-2026-24491, CVE-2026-26271, CVE-2026-26955, CVE-2026-26965, CVE-2026-31806, CVE-2026-3188[35]
Status comment:
herman.viaene: test_passed_mga9_64+


Attachments

Description Nicolas Salguero 2026-02-18 10:05:40 CET
+++ This bug was initially created as a clone of Bug #35038 +++

openSUSE has issued an advisory on January 18:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/F2VLQU7USVAQ733RYB7II6KGZB3FG2KW/
Nicolas Salguero 2026-02-18 10:07:13 CET

Source RPM: freerdp-2.11.7-1.1.mga9.src.rpm => freerdp-2.11.7-1.2.mga9.src.rpm
Status comment: (none) => Fixed upstream in 3.20.2
CVE: CVE-2026-22851, CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859, CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680 => CVE-2026-22851, CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859

Nicolas Salguero 2026-02-18 10:07:24 CET

Assignee: bugsquad => pkg-bugs

Nicolas Salguero 2026-02-18 10:09:44 CET

Depends on: 35038 => (none)

Nicolas Salguero 2026-02-18 10:10:26 CET

Depends on: (none) => 35038

Comment 1 Nicolas Salguero 2026-03-06 15:56:41 CET
Fedora has issued an advisory on March 6:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAYMD62GFPCFHGN6JPLMCVJHP3SKINMW/

CVE-2026-2594[12], CVE-2026-2595[23459], CVE-2026-25997, CVE-2026-26271, CVE-2026-26955 and CVE-2026-26965 are fixed in 3.23.0.

Flags: (none) => affects_mga9+
Whiteboard: (none) => MGA9TOO
Source RPM: freerdp-2.11.7-1.2.mga9.src.rpm => freerdp-3.22.0-1.mga10.src.rpm, freerdp-2.11.7-1.2.mga9.src.rpm
Summary: freerdp new security issues CVE-2026-2285[1-9] => freerdp new security issues CVE-2026-2285[1-9], CVE-2026-2594[12], CVE-2026-2595[23459], CVE-2026-25997, CVE-2026-26271, CVE-2026-26955 and CVE-2026-26965
Status comment: Fixed upstream in 3.20.2 => Fixed upstream in 3.23.0
Version: 9 => Cauldron

Comment 2 Nicolas Salguero 2026-03-10 11:06:56 CET
For Cauldron, I asked for a freeze move.

Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Flags: affects_mga9+ => (none)
Source RPM: freerdp-3.22.0-1.mga10.src.rpm, freerdp-2.11.7-1.2.mga9.src.rpm => freerdp-2.11.7-1.2.mga9.src.rpm

Comment 3 Nicolas Salguero 2026-03-31 15:42:09 CEST
Fedora has issued an advisory on March 31:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QGQZQS6664TXPPYGBP7673W2JAXG4K/

CVE-2026-33952, CVE-2026-33977, CVE-2026-3398[2-7], CVE-2026-33995

Summary: freerdp new security issues CVE-2026-2285[1-9], CVE-2026-2594[12], CVE-2026-2595[23459], CVE-2026-25997, CVE-2026-26271, CVE-2026-26955 and CVE-2026-26965 => freerdp new security issues CVE-2026-2285[1-9], CVE-2026-2594[12], CVE-2026-2595[23459], CVE-2026-25997, CVE-2026-26271, CVE-2026-2695[25], CVE-2026-26965, CVE-2026-33977, CVE-2026-3398[2-7], CVE-2026-33995
Status comment: Fixed upstream in 3.23.0 => Fixed upstream in 3.24.2

Comment 4 Nicolas Salguero 2026-04-02 15:49:52 CEST
For CVE-2026-2285[57], CVE-2026-23533, CVE-2026-23732, CVE-2026-2388[34], CVE-2026-26271, CVE-2026-26955, CVE-2026-26965, CVE-2026-31806, CVE-2026-3188[35], openSUSE has issued an advisory on April 1:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/34ABPSLQFVRGFKDSR5ZEDKG5UH6KIBCA/
Nicolas Salguero 2026-04-02 16:44:51 CEST

Blocks: (none) => 35315

Nicolas Salguero 2026-04-02 16:50:25 CEST

Summary: freerdp new security issues CVE-2026-2285[1-9], CVE-2026-2594[12], CVE-2026-2595[23459], CVE-2026-25997, CVE-2026-26271, CVE-2026-2695[25], CVE-2026-26965, CVE-2026-33977, CVE-2026-3398[2-7], CVE-2026-33995 => freerdp new security issues CVE-2026-2285[245679], CVE-2026-23732, CVE-2026-2388[34], CVE-2026-24491, CVE-2026-26271, CVE-2026-26955, CVE-2026-26965, CVE-2026-31806, CVE-2026-3188[35]
CVE: CVE-2026-22851, CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859 => CVE-2026-2285[245679], CVE-2026-23732, CVE-2026-2388[34], CVE-2026-24491, CVE-2026-26271, CVE-2026-26955, CVE-2026-26965, CVE-2026-31806, CVE-2026-3188[35]

Comment 5 Nicolas Salguero 2026-04-03 09:07:14 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

FreeRDP has a heap-buffer-overflow in audin_process_formats. (CVE-2026-22852)

FreeRDP has a heap-buffer-overflow in drive_process_irp_read. (CVE-2026-22854)

FreeRDP has a heap-buffer-overflow in smartcard_unpack_set_attrib_call. (CVE-2026-22855)

FreeRDP has a heap-use-after-free in create_irp_thread. (CVE-2026-22856)

FreeRDP has a heap-use-after-free in irp_thread_func. (CVE-2026-22857)

FreeRDP has a heap-buffer-overflow in urb_select_configuration. (CVE-2026-22859)

FreeRDP has a heap-buffer-overflow in Glyph_Alloc. (CVE-2026-23732)

Heap-use-after-free in update_pointer_new. (CVE-2026-23883)

Heap-use-after-free in gdi_set_bounds. (CVE-2026-23884)

FreeRDP has a heap-use-after-free in video_timer. (CVE-2026-24491)

Buffer Overread in FreeRDP Icon Processing. (CVE-2026-26271)

FreeRDP has Out-of-bounds Write. (CVE-2026-26955, CVE-2026-26965)

FreeRDP has a Heap Buffer Overflow in nsc_process_message() via Unchecked SURFACE_BITS_COMMAND Bitmap Dimensions. (CVE-2026-31806)

FreeRDP has a `size_t` underflow in the ADPCM decoder that leads to a heap-buffer-overflow write. (CVE-2026-31883)

FreeRDP has an out-of-bounds read in the ADPCM decoders due to missing predictor/step_index bounds checks. (CVE-2026-31885)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/F2VLQU7USVAQ733RYB7II6KGZB3FG2KW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAYMD62GFPCFHGN6JPLMCVJHP3SKINMW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QGQZQS6664TXPPYGBP7673W2JAXG4K/
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/34ABPSLQFVRGFKDSR5ZEDKG5UH6KIBCA/
========================

Updated packages in core/updates_testing:
========================
freerdp-2.11.7-1.3.mga9
lib(64)freerdp2-2.11.7-1.3.mga9
lib(64)freerdp-devel-2.11.7-1.3.mga9

from SRPM:
freerdp-2.11.7-1.3.mga9.src.rpm

Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 3.24.2 => (none)

Comment 6 Herman Viaene 2026-04-03 16:14:45 CEST
MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
Consulted help and entered command

$ xfreerdp /u:<user> /p:<password> /v:<machinename>
The machine to connect to is a Win11 Pro running in Vbox on my desktop PC. The name is known in my DNS server.
Connected after asking confirmation for an unknown certificate. Win desktop shows OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Flags: (none) => test_passed_mga9_64+

Comment 7 Thomas Andrews 2026-04-04 23:31:38 CEST
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

katnatek 2026-04-05 01:36:34 CEST

Keywords: (none) => advisory

Comment 8 Mageia Robot 2026-04-06 19:36:56 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0086.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
