freerdp-3.20.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10059-1 Final 1 1 2026-01-17T00:00:00Z current 2026-01-17T00:00:00Z 2026-01-17T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z freerdp-3.20.2-1.1 on GA media These are all security issues fixed in the freerdp-3.20.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10059 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2026-22851/ SUSE CVE CVE-2026-22851 page https://www.suse.com/security/cve/CVE-2026-22852/ SUSE CVE CVE-2026-22852 page https://www.suse.com/security/cve/CVE-2026-22853/ SUSE CVE CVE-2026-22853 page https://www.suse.com/security/cve/CVE-2026-22854/ SUSE CVE CVE-2026-22854 page https://www.suse.com/security/cve/CVE-2026-22855/ SUSE CVE CVE-2026-22855 page https://www.suse.com/security/cve/CVE-2026-22856/ SUSE CVE CVE-2026-22856 page https://www.suse.com/security/cve/CVE-2026-22857/ SUSE CVE CVE-2026-22857 page https://www.suse.com/security/cve/CVE-2026-22858/ SUSE CVE CVE-2026-22858 page https://www.suse.com/security/cve/CVE-2026-22859/ SUSE CVE CVE-2026-22859 page openSUSE Tumbleweed freerdp-3.20.2-1.1 freerdp-devel-3.20.2-1.1 freerdp-proxy-3.20.2-1.1 freerdp-proxy-plugins-3.20.2-1.1 freerdp-sdl-3.20.2-1.1 freerdp-server-3.20.2-1.1 freerdp-wayland-3.20.2-1.1 libfreerdp-server-proxy3-3-3.20.2-1.1 libfreerdp3-3-3.20.2-1.1 librdtk0-0-3.20.2-1.1 libuwac0-0-3.20.2-1.1 libwinpr3-3-3.20.2-1.1 rdtk0-devel-3.20.2-1.1 uwac0-devel-3.20.2-1.1 winpr-devel-3.20.2-1.1 freerdp-3.20.2-1.1 as a component of openSUSE Tumbleweed freerdp-devel-3.20.2-1.1 as a component of openSUSE Tumbleweed freerdp-proxy-3.20.2-1.1 as a component of openSUSE Tumbleweed freerdp-proxy-plugins-3.20.2-1.1 as a component of openSUSE Tumbleweed freerdp-sdl-3.20.2-1.1 as a component of openSUSE Tumbleweed freerdp-server-3.20.2-1.1 as a component of openSUSE Tumbleweed freerdp-wayland-3.20.2-1.1 as a component of openSUSE Tumbleweed libfreerdp-server-proxy3-3-3.20.2-1.1 as a component of openSUSE Tumbleweed libfreerdp3-3-3.20.2-1.1 as a component of openSUSE Tumbleweed librdtk0-0-3.20.2-1.1 as a component of openSUSE Tumbleweed libuwac0-0-3.20.2-1.1 as a component of openSUSE Tumbleweed libwinpr3-3-3.20.2-1.1 as a component of openSUSE Tumbleweed rdtk0-devel-3.20.2-1.1 as a component of openSUSE Tumbleweed uwac0-devel-3.20.2-1.1 as a component of openSUSE Tumbleweed winpr-devel-3.20.2-1.1 as a component of openSUSE Tumbleweed FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1. CVE-2026-22851 openSUSE Tumbleweed:freerdp-3.20.2-1.1 openSUSE Tumbleweed:freerdp-devel-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.20.2-1.1 openSUSE Tumbleweed:freerdp-sdl-3.20.2-1.1 openSUSE Tumbleweed:freerdp-server-3.20.2-1.1 openSUSE Tumbleweed:freerdp-wayland-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.20.2-1.1 openSUSE Tumbleweed:librdtk0-0-3.20.2-1.1 openSUSE Tumbleweed:libuwac0-0-3.20.2-1.1 openSUSE Tumbleweed:libwinpr3-3-3.20.2-1.1 openSUSE Tumbleweed:rdtk0-devel-3.20.2-1.1 openSUSE Tumbleweed:uwac0-devel-3.20.2-1.1 openSUSE Tumbleweed:winpr-devel-3.20.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22851.html CVE-2026-22851 https://bugzilla.suse.com/1256717 SUSE Bug 1256717 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1. CVE-2026-22852 openSUSE Tumbleweed:freerdp-3.20.2-1.1 openSUSE Tumbleweed:freerdp-devel-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.20.2-1.1 openSUSE Tumbleweed:freerdp-sdl-3.20.2-1.1 openSUSE Tumbleweed:freerdp-server-3.20.2-1.1 openSUSE Tumbleweed:freerdp-wayland-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.20.2-1.1 openSUSE Tumbleweed:librdtk0-0-3.20.2-1.1 openSUSE Tumbleweed:libuwac0-0-3.20.2-1.1 openSUSE Tumbleweed:libwinpr3-3-3.20.2-1.1 openSUSE Tumbleweed:rdtk0-devel-3.20.2-1.1 openSUSE Tumbleweed:uwac0-devel-3.20.2-1.1 openSUSE Tumbleweed:winpr-devel-3.20.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22852.html CVE-2026-22852 https://bugzilla.suse.com/1256718 SUSE Bug 1256718 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR's NDR array reader does not perform bounds checking on the on-wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1. CVE-2026-22853 openSUSE Tumbleweed:freerdp-3.20.2-1.1 openSUSE Tumbleweed:freerdp-devel-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.20.2-1.1 openSUSE Tumbleweed:freerdp-sdl-3.20.2-1.1 openSUSE Tumbleweed:freerdp-server-3.20.2-1.1 openSUSE Tumbleweed:freerdp-wayland-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.20.2-1.1 openSUSE Tumbleweed:librdtk0-0-3.20.2-1.1 openSUSE Tumbleweed:libuwac0-0-3.20.2-1.1 openSUSE Tumbleweed:libwinpr3-3-3.20.2-1.1 openSUSE Tumbleweed:rdtk0-devel-3.20.2-1.1 openSUSE Tumbleweed:uwac0-devel-3.20.2-1.1 openSUSE Tumbleweed:winpr-devel-3.20.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22853.html CVE-2026-22853 https://bugzilla.suse.com/1256719 SUSE Bug 1256719 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1. CVE-2026-22854 openSUSE Tumbleweed:freerdp-3.20.2-1.1 openSUSE Tumbleweed:freerdp-devel-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.20.2-1.1 openSUSE Tumbleweed:freerdp-sdl-3.20.2-1.1 openSUSE Tumbleweed:freerdp-server-3.20.2-1.1 openSUSE Tumbleweed:freerdp-wayland-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.20.2-1.1 openSUSE Tumbleweed:librdtk0-0-3.20.2-1.1 openSUSE Tumbleweed:libuwac0-0-3.20.2-1.1 openSUSE Tumbleweed:libwinpr3-3-3.20.2-1.1 openSUSE Tumbleweed:rdtk0-devel-3.20.2-1.1 openSUSE Tumbleweed:uwac0-devel-3.20.2-1.1 openSUSE Tumbleweed:winpr-devel-3.20.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22854.html CVE-2026-22854 https://bugzilla.suse.com/1256720 SUSE Bug 1256720 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1. CVE-2026-22855 openSUSE Tumbleweed:freerdp-3.20.2-1.1 openSUSE Tumbleweed:freerdp-devel-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.20.2-1.1 openSUSE Tumbleweed:freerdp-sdl-3.20.2-1.1 openSUSE Tumbleweed:freerdp-server-3.20.2-1.1 openSUSE Tumbleweed:freerdp-wayland-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.20.2-1.1 openSUSE Tumbleweed:librdtk0-0-3.20.2-1.1 openSUSE Tumbleweed:libuwac0-0-3.20.2-1.1 openSUSE Tumbleweed:libwinpr3-3-3.20.2-1.1 openSUSE Tumbleweed:rdtk0-devel-3.20.2-1.1 openSUSE Tumbleweed:uwac0-devel-3.20.2-1.1 openSUSE Tumbleweed:winpr-devel-3.20.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22855.html CVE-2026-22855 https://bugzilla.suse.com/1256721 SUSE Bug 1256721 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use-after-free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1. CVE-2026-22856 openSUSE Tumbleweed:freerdp-3.20.2-1.1 openSUSE Tumbleweed:freerdp-devel-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.20.2-1.1 openSUSE Tumbleweed:freerdp-sdl-3.20.2-1.1 openSUSE Tumbleweed:freerdp-server-3.20.2-1.1 openSUSE Tumbleweed:freerdp-wayland-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.20.2-1.1 openSUSE Tumbleweed:librdtk0-0-3.20.2-1.1 openSUSE Tumbleweed:libuwac0-0-3.20.2-1.1 openSUSE Tumbleweed:libwinpr3-3-3.20.2-1.1 openSUSE Tumbleweed:rdtk0-devel-3.20.2-1.1 openSUSE Tumbleweed:uwac0-devel-3.20.2-1.1 openSUSE Tumbleweed:winpr-devel-3.20.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22856.html CVE-2026-22856 https://bugzilla.suse.com/1256722 SUSE Bug 1256722 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1. CVE-2026-22857 openSUSE Tumbleweed:freerdp-3.20.2-1.1 openSUSE Tumbleweed:freerdp-devel-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.20.2-1.1 openSUSE Tumbleweed:freerdp-sdl-3.20.2-1.1 openSUSE Tumbleweed:freerdp-server-3.20.2-1.1 openSUSE Tumbleweed:freerdp-wayland-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.20.2-1.1 openSUSE Tumbleweed:librdtk0-0-3.20.2-1.1 openSUSE Tumbleweed:libuwac0-0-3.20.2-1.1 openSUSE Tumbleweed:libwinpr3-3-3.20.2-1.1 openSUSE Tumbleweed:rdtk0-devel-3.20.2-1.1 openSUSE Tumbleweed:uwac0-devel-3.20.2-1.1 openSUSE Tumbleweed:winpr-devel-3.20.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22857.html CVE-2026-22857 https://bugzilla.suse.com/1256723 SUSE Bug 1256723 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1. CVE-2026-22858 openSUSE Tumbleweed:freerdp-3.20.2-1.1 openSUSE Tumbleweed:freerdp-devel-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.20.2-1.1 openSUSE Tumbleweed:freerdp-sdl-3.20.2-1.1 openSUSE Tumbleweed:freerdp-server-3.20.2-1.1 openSUSE Tumbleweed:freerdp-wayland-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.20.2-1.1 openSUSE Tumbleweed:librdtk0-0-3.20.2-1.1 openSUSE Tumbleweed:libuwac0-0-3.20.2-1.1 openSUSE Tumbleweed:libwinpr3-3-3.20.2-1.1 openSUSE Tumbleweed:rdtk0-devel-3.20.2-1.1 openSUSE Tumbleweed:uwac0-devel-3.20.2-1.1 openSUSE Tumbleweed:winpr-devel-3.20.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22858.html CVE-2026-22858 https://bugzilla.suse.com/1256724 SUSE Bug 1256724 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out-of-bounds read. This vulnerability is fixed in 3.20.1. CVE-2026-22859 openSUSE Tumbleweed:freerdp-3.20.2-1.1 openSUSE Tumbleweed:freerdp-devel-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-3.20.2-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.20.2-1.1 openSUSE Tumbleweed:freerdp-sdl-3.20.2-1.1 openSUSE Tumbleweed:freerdp-server-3.20.2-1.1 openSUSE Tumbleweed:freerdp-wayland-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.20.2-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.20.2-1.1 openSUSE Tumbleweed:librdtk0-0-3.20.2-1.1 openSUSE Tumbleweed:libuwac0-0-3.20.2-1.1 openSUSE Tumbleweed:libwinpr3-3-3.20.2-1.1 openSUSE Tumbleweed:rdtk0-devel-3.20.2-1.1 openSUSE Tumbleweed:uwac0-devel-3.20.2-1.1 openSUSE Tumbleweed:winpr-devel-3.20.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-22859.html CVE-2026-22859 https://bugzilla.suse.com/1256725 SUSE Bug 1256725