[El-errata] ELSA-2026-16014 Moderate: Oracle Linux 10 freerdp security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu May 14 22:42:23 UTC 2026
Oracle Linux Security Advisory ELSA-2026-16014
http://linux.oracle.com/errata/ELSA-2026-16014.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
freerdp-3.10.3-5.el10_1.8.x86_64.rpm
freerdp-devel-3.10.3-5.el10_1.8.x86_64.rpm
freerdp-libs-3.10.3-5.el10_1.8.x86_64.rpm
freerdp-server-3.10.3-5.el10_1.8.x86_64.rpm
libwinpr-3.10.3-5.el10_1.8.x86_64.rpm
libwinpr-devel-3.10.3-5.el10_1.8.x86_64.rpm
aarch64:
freerdp-3.10.3-5.el10_1.8.aarch64.rpm
freerdp-devel-3.10.3-5.el10_1.8.aarch64.rpm
freerdp-libs-3.10.3-5.el10_1.8.aarch64.rpm
freerdp-server-3.10.3-5.el10_1.8.aarch64.rpm
libwinpr-3.10.3-5.el10_1.8.aarch64.rpm
libwinpr-devel-3.10.3-5.el10_1.8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/freerdp-3.10.3-5.el10_1.8.src.rpm
Related CVEs:
CVE-2026-25952
CVE-2026-25997
CVE-2026-26986
CVE-2026-29775
CVE-2026-31883
CVE-2026-31884
CVE-2026-31885
CVE-2026-33982
CVE-2026-33985
CVE-2026-33987
Description of changes:
[2:3.10.3-5.8]
- Fix double free in xf_rail_window_common cleanup (CVE-2026-26986)
- Fix clipboard use-after-free during auto-reconnect (CVE-2026-25997)
- Fix heap-buffer-overflow in bitmap_cache_put (CVE-2026-29775)
- Add DSP format checks (CVE-2026-31884)
- Fix DSP array bounds checks (CVE-2026-31883)
- Fix DSP array bounds checks (CVE-2026-31885)
- Update PERSISTENT_CACHE_ENTRY::size after realloc (CVE-2026-33987)
- Update CLEAR_GLYPH_ENTRY::count after alloc (CVE-2026-33985)
- Use winpr_aligned_calloc in persistent cache (CVE-2026-33982)
Resolves: RHEL-159803, RHEL-159659, RHEL-161033, RHEL-161468
Resolves: RHEL-161504, RHEL-161071, RHEL-163653, RHEL-167791, RHEL-162930
More information about the El-errata
mailing list