[El-errata] ELSA-2026-19349 Important: Oracle Linux 9 freerdp security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Jun 29 15:02:05 UTC 2026


Oracle Linux Security Advisory ELSA-2026-19349

http://linux.oracle.com/errata/ELSA-2026-19349.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
freerdp-2.11.7-7.el9_8.3.x86_64.rpm
freerdp-devel-2.11.7-7.el9_8.3.i686.rpm
freerdp-devel-2.11.7-7.el9_8.3.x86_64.rpm
freerdp-libs-2.11.7-7.el9_8.3.i686.rpm
freerdp-libs-2.11.7-7.el9_8.3.x86_64.rpm
libwinpr-2.11.7-7.el9_8.3.i686.rpm
libwinpr-2.11.7-7.el9_8.3.x86_64.rpm
libwinpr-devel-2.11.7-7.el9_8.3.i686.rpm
libwinpr-devel-2.11.7-7.el9_8.3.x86_64.rpm

aarch64:
freerdp-2.11.7-7.el9_8.3.aarch64.rpm
freerdp-devel-2.11.7-7.el9_8.3.aarch64.rpm
freerdp-libs-2.11.7-7.el9_8.3.aarch64.rpm
libwinpr-2.11.7-7.el9_8.3.aarch64.rpm
libwinpr-devel-2.11.7-7.el9_8.3.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/freerdp-2.11.7-7.el9_8.3.src.rpm

Related CVEs:

CVE-2026-33983
CVE-2026-33984




Description of changes:

[2:2.11.7-7.3]
- Lock appWindow to fix use-after-free in RAIL mode (CVE-2026-25952)
  Resolves: RHEL-159860

[2:2.11.7-7.2]
- Fix double free in xf_rail_window_common cleanup (CVE-2026-26986)
- Fix growth of preallocated buffers (CVE-2026-27951)
- Fix heap-buffer-overflow in bitmap_cache_put (CVE-2026-29775)
- Add DSP format checks (CVE-2026-31884)
- Fix DSP array bounds checks (CVE-2026-31883)
- Fix DSP array bounds checks (CVE-2026-31885)
- Update CLEAR_GLYPH_ENTRY::count after alloc (CVE-2026-33985)
  Resolves: RHEL-159816, RHEL-155478, RHEL-161047, RHEL-161482
  Resolves: RHEL-161519, RHEL-161085, RHEL-168463

[2:2.11.7-7.1]
- Update CLEAR_VBAR_ENTRY size after alloc (CVE-2026-33984)
- Fail progressive_rfx_quant_sub on invalid values (CVE-2026-33983)
  Resolves: RHEL-163097, RHEL-163113




More information about the El-errata mailing list