USN-8004-2

Details

USN-8004-1 fixed vulnerabilities in FreeRDP. The update for CVE-2026-23533 introduced a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Kim Dong Han discovered that FreeRDP did not correctly validate the size of certain variables, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Affected Packages

freerdp2

Ubuntu 22.04 LTS

Fixed in:

2.6.1+dfsg1-3ubuntu2.9

freerdp2

Ubuntu Pro 18.04 LTS

Fixed in:

2.2.0+dfsg1-0ubuntu0.18.04.4+esm4

freerdp2

Ubuntu Pro 20.04 LTS

Fixed in:

2.6.1+dfsg1-0ubuntu0.20.04.2+esm2

freerdp2

Ubuntu Pro 24.04 LTS

Fixed in:

2.11.5+dfsg1-1ubuntu0.1~esm4

References

REPORT

https://bugs.launchpad.net/bugs/2139694

REPORT

https://ubuntu.com/security/CVE-2026-23533

ADVISORY

https://ubuntu.com/security/notices/USN-8004-2