[ubuntu/questing-updates] freerdp3 3.16.0+dfsg-2ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Feb 16 06:28:43 UTC 2026
freerdp3 (3.16.0+dfsg-2ubuntu0.1) questing-security; urgency=medium
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2026-23948.patch: fix missing NULL check
- CVE-2026-23948
* SECURITY UPDATE: heap overflow
- debian/patches/CVE-2026-24491-1.patch: reset channel_callback
before close
- debian/patches/CVE-2026-24491-2.patch: check pointer before
reset
- debian/patches/CVE-2026-24675.patch: do not free MsConfig on
failure
- debian/patches/CVE-2026-24677.patch: ensure sws context size
matches
- debian/patches/CVE-2026-24679.patch: ensure InterfaceNumber is
within range
- debian/patches/CVE-2026-24682.patch: fix audin_server_recv_formats
cleanup
- CVE-2026-24491
- CVE-2026-24675
- CVE-2026-24677
- CVE-2026-24679
- CVE-2026-24682
* SECURITY UPDATE: heap use after free
- debian/patches/CVE-2026-24676.patch: reset audin->format
- debian/patches/CVE-2026-24678.patch: ensure all streams are
stopped
- debian/patches/CVE-2026-24680.patch: reset pointer after memory
release
- debian/patches/CVE-2026-24681.patch: cancel all usb transfers on
channel close
- debian/patches/CVE-2026-24683.patch: lock context when updating
listener
- debian/patches/CVE-2026-24684-1.patch: terminate thread before
free
- debian/patches/CVE-2026-24684-2.patch: only clean up thread
before free
- CVE-2026-24676
- CVE-2026-24678
- CVE-2026-24680
- CVE-2026-24681
- CVE-2026-24683
- CVE-2026-24684
Date: 2026-02-13 15:24:11.291918+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/freerdp3/3.16.0+dfsg-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list