CLSA-2026:1771010890

[CLSA-2026:1771010890] freerdp: Fix of 5 CVEs

Type:

security

Severity:

Critical

Release date:

2026-02-13 19:28:19 UTC

Description:

- CVE-2026-22859: fix out-of-bounds access due to missing interface
  index validation in urbdrc channel
- CVE-2026-23732: fix out-of-bounds read due to missing input length
  check in glyph conversion
- CVE-2026-23883: fix integer overflow in cursor pixel allocation and
  surface-to-surface rectangle clamping
- CVE-2026-22852: fix heap buffer overflow in audin_process_formats
  due to stale format count
- CVE-2026-23531: fix out-of-bounds read/write in clear_decompress
  due to missing glyphData bounds check

Updated packages:

freerdp-2.1.1-5.el7_9.tuxcare.els8.x86_64.rpm
sha:25a390b6d699778df48804b4616b238bfed208e0870b734c7d975deb1d9366f9
freerdp-devel-2.1.1-5.el7_9.tuxcare.els8.i686.rpm
sha:bf37fdabb43c0c5dd572661616d4e2064f6f67db2925ece1096eb469c84f566e
freerdp-devel-2.1.1-5.el7_9.tuxcare.els8.x86_64.rpm
sha:677d6704d671863728be4b73bcfd918e3b1b90fa1f3a072e742e9bfabe2fa728
freerdp-libs-2.1.1-5.el7_9.tuxcare.els8.i686.rpm
sha:af862faf8ebc5bed40c4eb953bcaccb630de786c142348da38229047c900265c
freerdp-libs-2.1.1-5.el7_9.tuxcare.els8.x86_64.rpm
sha:146b9b6ecece0790406e403556bfc8ef3425a45e531d63c6b4528a13c6934266
libwinpr-2.1.1-5.el7_9.tuxcare.els8.i686.rpm
sha:f9d12b227def7c6b88aa29f5ee88980e57e80b81303942388b6e4ef4242f58d0
libwinpr-2.1.1-5.el7_9.tuxcare.els8.x86_64.rpm
sha:fa5d516ce265a97991a550ed38b19451aa9d9064f934841bab0fb2652d14e09a
libwinpr-devel-2.1.1-5.el7_9.tuxcare.els8.i686.rpm
sha:752993dd033acb436b38bf93b5c92170f7011d6cf88d50b12212a67a39129e88
libwinpr-devel-2.1.1-5.el7_9.tuxcare.els8.x86_64.rpm
sha:3c75f84c2709e16fc7c447e546bb5c89fb617b7cd5ad29163239796e91260252

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.