[El-errata] ELSA-2026-19358 Moderate: Oracle Linux 9 freerdp security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Jun 25 00:59:01 UTC 2026
Oracle Linux Security Advisory ELSA-2026-19358
http://linux.oracle.com/errata/ELSA-2026-19358.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
freerdp-2.11.7-7.el9_8.3.x86_64.rpm
freerdp-devel-2.11.7-7.el9_8.3.i686.rpm
freerdp-devel-2.11.7-7.el9_8.3.x86_64.rpm
freerdp-libs-2.11.7-7.el9_8.3.i686.rpm
freerdp-libs-2.11.7-7.el9_8.3.x86_64.rpm
libwinpr-2.11.7-7.el9_8.3.i686.rpm
libwinpr-2.11.7-7.el9_8.3.x86_64.rpm
libwinpr-devel-2.11.7-7.el9_8.3.i686.rpm
libwinpr-devel-2.11.7-7.el9_8.3.x86_64.rpm
aarch64:
freerdp-2.11.7-7.el9_8.3.aarch64.rpm
freerdp-devel-2.11.7-7.el9_8.3.aarch64.rpm
freerdp-libs-2.11.7-7.el9_8.3.aarch64.rpm
libwinpr-2.11.7-7.el9_8.3.aarch64.rpm
libwinpr-devel-2.11.7-7.el9_8.3.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/freerdp-2.11.7-7.el9_8.3.src.rpm
Related CVEs:
CVE-2026-25952
CVE-2026-26986
CVE-2026-27951
CVE-2026-29775
CVE-2026-31883
CVE-2026-31884
CVE-2026-31885
CVE-2026-33985
Description of changes:
[2:2.11.7-7.3]
- Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952)
Resolves: RHEL-159860
[2:2.11.7-7.2]
- Fix double free in xf_rail_window_common cleanup (CVE-2026-26986)
- Fix growth of preallocated buffers (CVE-2026-27951)
- Fix heap-buffer-overflow in bitmap_cache_put (CVE-2026-29775)
- Add DSP format checks (CVE-2026-31884)
- Fix DSP array bounds checks (CVE-2026-31883)
- Fix DSP array bounds checks (CVE-2026-31885)
- Update CLEAR_GLYPH_ENTRY::count after alloc (CVE-2026-33985)
Resolves: RHEL-159816, RHEL-155478, RHEL-161047, RHEL-161482
Resolves: RHEL-161519, RHEL-161085, RHEL-168463
[2:2.11.7-7.1]
- Update CLEAR_VBAR_ENTRY size after alloc (CVE-2026-33984)
- Fail progressive_rfx_quant_sub on invalid values (CVE-2026-33983)
Resolves: RHEL-163097, RHEL-163113
More information about the El-errata
mailing list