openSUSE 16 Security Update : freerdp (openSUSE-SU-2026:20339-1)

high Nessus Plugin ID 302093

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20339-1 advisory.

Update to version 3.22.0 (jsc#PED-15526):

- Major bugfix release:

* Complete overhaul of SDL client
* Introduction of new WINPR_ATTR_NODISCARD macro wrapping compiler or C language version specific [[nodiscard]] attributes
* Addition of WINPR_ATTR_NODISCARD to (some) public API functions so usage errors are producing warnings now
* Add some more stringify functions for logging
* We've received CVE reports, check https://github.com/FreeRDP/FreeRDP/security/advisories for more details!
* @Keryer reported an issue affecting client and proxy:
  * CVE-2026-23948
* @ehdgks0627 did some more fuzzing and found quite a number of client side bugs:
  * CVE-2026-24682
  * CVE-2026-24683
  * CVE-2026-24676
  * CVE-2026-24677
  * CVE-2026-24678
  * CVE-2026-24684
  * CVE-2026-24679
  * CVE-2026-24681
  * CVE-2026-24675
  * CVE-2026-24491
  * CVE-2026-24680

- Changes from version 3.21.0

* [core,info] fix missing NULL check (#12157)
* [gateway,tsg] fix TSG_PACKET_RESPONSE parsing (#12161)
* Allow querying auth identity with kerberos when running as a server (#12162)
* Sspi krb heimdal (#12163)
* Tsg fix idleTimeout parsing (#12167)
* [channels,smartcard] revert 649f7de (#12166)
* [crypto] deprecate er and der modules (#12170)
* [channels,rdpei] lock full update, not only parts (#12175)
* [winpr,platform] add WINPR_ATTR_NODISCARD macro (#12178)
* Wlog cleanup (#12179)
* new stringify functions & touch API defines (#12180)
* Add support for querying SECPKG_ATTR_PACKAGE_INFO to NTLM and Kerberos (#12171)
* [channels,video] measure times in ns (#12184)
* [utils] Nodiscard (#12187)
* Error handling fixes (#12186)
* [channels,drdynvc] check pointer before reset (#12189)
* Winpr api def (#12190)
* [winpr,platform] drop C23 [[nodiscard]] (#12192)
* [gdi] add additional checks for a valid rdpGdi (#12194)
* Sdl3 high dpiv2 (#12173)
* peer: Disconnect if Logon() returned FALSE (#12196)
* [channels,rdpecam] fix PROPERTY_DESCRIPTION parsing (#12197)
* [channel,rdpsnd] only clean up thread before free (#12199)
* [channels,rdpei] add RDPINPUT_CONTACT_FLAG_UP (#12195)

- Update to version 3.21.0:

- Bugfix release with a few new API functions addressing shortcomings with regard to input data validation.
Thanks to @ehdgks0627 we have fixed the following additional (medium) client side vulnerabilities:

* CVE-2026-23530
* CVE-2026-23531
* CVE-2026-23532
* CVE-2026-23533
* CVE-2026-23534
* CVE-2026-23732
* CVE-2026-23883
* CVE-2026-23884

- Changes from version 3.20.2

* [client,sdl] fix monitor resolution (#12142)
* [codec,progressive] fix progressive_rfx_upgrade_block (#12143)
* Krb cache fix (#12145)
* Rdpdr improved checks (#12141)
* Codec advanced length checks (#12146)
* Glyph fix length checks (#12151)
* Wlog printf format string checks (#12150)
* [warnings,format] fix format string warnings (#12152)
* Double free fixes (#12153)
* [clang-tidy] clean up code warnings (#12154)

- Update to version 3.20.2:

- Patch release fixing a regression with gateway connections introduced with 3.20.1.
* Warnings and missing enumeration types (#12137)

- Changes from version 3.20.1:

- New Year's cleanup release. Fixes some issues reported and does a cleaning sweep to bring down warnings.
Thanks to @ehdgks0627 doing some code review/testing, we've uncovered the following (medium) vulnerabilities:

* CVE-2026-22851
* CVE-2026-22852
* CVE-2026-22853
* CVE-2026-22854
* CVE-2026-22855
* CVE-2026-22856
* CVE-2026-22857
* CVE-2026-22858
* CVE-2026-22859

- These affect FreeRDP based clients only, with the exception of CVE-2026-22858 also affecting FreeRDP proxy. FreeRDP based servers are not affected.

- Update to version 3.20.0:

* Mingw fixes (#12070)
* [crypto,certificate_data] add some hostname sanitation
* [client,common]: Fix loading of rdpsnd channel
* [client,sdl] set touch and pen hints

- Changes from version 3.19.1:

* [core,transport] improve SSL error logging
* [utils,helpers] fix freerdp_settings_get_legacy_config_path
* From stdin and sdl-creds improve
* [crypto,certificate] sanitize hostnames
* [channels,drdynvc] propagate error in dynamic channel
* [CMake] make Mbed-TLS and LibreSSL experimental
* Json fix
* rdpecam: send sample only if it's available
* [channels,rdpecam] allow MJPEG frame skip and direct passthrough
* [winpr,utils] explicit NULL checks in jansson WINPR_JSON_ParseWithLength

- Changes from version 3.19.0:

* [client,common] fix retry counter
* [cmake] fix aarch64 neon detection
* Fix response body existence check when using RDP Gateway
* fix line clipping issue
* Clip coord fix
* [core,input] Add debug log to keyboard state sync
* Update command line usage for gateway option
* [codec,ffmpeg] 8.0 dropped AV_PROFILE_AAC_MAIN
* [channels,audin] fix pulse memory leak
* [channels,drive] Small performance improvements in drive channel
* [winpr,utils] fix command line error logging
* [common,test] Adjust AVC and H264 expectations
* drdynvc: implement compressed packet
* [channels,rdpecam] improve log messages
* Fix remote credential guard channel loading
* Fix inverted ifdef
* [core,nego] disable all enabled modes except the one requested
* rdpear: handle basic NTLM commands and fix server-side
* [smartcardlogon] Fix off-by-one error in `smartcard_hw_enumerateCerts`
* rdpecam: fix camera sample grabbing

- Update to version 3.18.0:

- Fix a regression reading passwords from stdin
- Fix a timer regression (µs instead of ms)
- Improved multitouch support
- Fix a bug with PLANAR codec (used with /bpp:32 or sometimes with /gfx)
- Better error handling for ARM transport (Entra)
- Fix audio encoder lag (microphone/AAC) with FFMPEG
- Support for jansson JSON library

- Update to version 3.17.2:

- Minor improvements and bugfix release.
- Most notably, resource usage (file handles) has been greatly reduced and the static build pkg-config has been fixed.
For users of xfreerdp RAILS/RemoteApp mode the switch to DesktopSession mode has been fixed (working UAC screen).

- Changes from version 3.17.1

- Minor improvements and bugfix release.
* most notably a memory leak was addressed
* fixed header files missing C++ guards
* xfreerdp as well as the SDL clients now support a system wide configuration file
* Heimdal kerberos support was improved
* builds with [MS-RDPEAR] now properly abort at configure if Heimdal is used (this configuration was never supported, so ensure nobody compiles it that way)

- Enable openh264 support; we can build against the noopenh264 stub

- Update to 3.17.0:

* [client,sdl2] fix build with webview (#11685)
* [core,nla] use wcslen for password length (#11687)
* Clear channel error prior to call channel init event proc (#11688)
* Warn args (#11689)
* [client,common] fix -mouse-motion (#11690)
* [core,proxy] fix IPv4 and IPv6 length (#11692)
* Regression fix2 (#11696)
* Log fixes (#11693)
* [common,settings] fix int casts (#11699)
* [core,connection] fix log level of several messages (#11697)
* [client,sdl] print current video driver (#11701)
* [crypto,tls] print big warning for /cert:ignore (#11704)
* [client,desktop] fix StartupWMClass setting (#11708)
* [cmake] unify version creation (#11711)
* [common,settings] force reallocation on caps copy (#11715)
* [manpages] Add example of keyboard remapping (#11718)
* Some fixes in Negotiate and NLA (#11722)
* [client,x11] fix clipboard issues (#11724)
* kerberos: do various tries for TGT retrieval in u2u (#11723)
* Cmdline escape strings (#11735)
* [winpr,utils] do not log command line arguments (#11736)
* [api,doc] Add stylesheet for doxygen (#11738)
* [core,proxy] fix BIO read methods (#11739)
* [client,common] fix sso_mib_get_access_token return value in error case (#11741)
* [crypto,tls] do not use context->settings->instance (#11749)
* winpr: re-introduce the credentials module (#11734)
* [winpr,timezone] ensure thread-safe initialization (#11754)
* core/redirection: Ensure stream has enough space for the certificate (#11762)
* [client,common] do not log success (#11766)
* Clean up bugs exposed on systems with high core counts (#11761)
* [cmake] add installWithRPATH (#11747)
* [clang-tidy] fix various warnings (#11769)
* Wlog improve type checks (#11774)
* [client,common] fix tenantid command line parsing (#11779)
* Proxy module static and shared linking support (#11768)
* LoadLibrary Null fix (#11786)
* [client,common] add freerdp_client_populate_settings_from_rdp_file_un (#11780)
* Fullchain support (#11787)
* [client,x11] ignore floatbar events (#11771)
* [winpr,credentials] prefer utf-8 over utf-16-LE #11790
* [proxy,modules] ignore bitmap-filter skip remaining #11789

- Update to 3.16.0:

* Lots of improvements for the SDL3 client
* Various X11 client improvements
* Add a timer implementation
* Various AAD/Azure/Entra improvements
* YUV420 primitives fixes

- Update to 3.15.0:

* [client,sdl] fix crash on suppress output
* [channels,remdesk] fix possible memory leak
* [client,x11] map exit code success
* Hidef rail checks and deprecation fixes
* Standard rdp security network issues
* [core,rdp] fix check for SEC_FLAGSHI_VALID
* [core,caps] fix rdp_apply_order_capability_set
* [core,proxy] align no_proxy to curl
* [core,gateway] fix string reading for TSG
* [client,sdl] refactor display update

- Update to version 3.14.0:

- Bugfix and cleanup release. Due to some new API functions the minor version has been increased.

- Changes from version 3.13.0:

- Friends of old hardware rejoice, serial port redirection got an update (not kidding you)
- Android builds have been updated to be usable again
- Mingw builds now periodically do a shared and static build
- Fixed some bugs and regressions along the way and improved test coverage as well

- Changes from version 3.12.0:

- Multimonitor backward compatibility fixes
- Smartcard compatibility
- Improve the [MS-RDPECAM] support
- Improve smartcard redirection support
- Refactor SSE optimizations: Split headers, unify load/store, require SSE3 for all optimized functions
- Refactor the CMake build to better support configuration based builders
- Fix a few regressions from last release (USB redirection and graphical glitches)

- Changes from version 3.11.0:

- A new release with bugfixes and code cleanups as well as a few nifty little features

- CVE-2024-22211: In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. (bsc#1219049)

- CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec in FreeRDP based clients (bsc#1223353)

- Multiple CVE fixes:
* CVE-2024-32659: Fixed out-of-bounds read if `((nWidth == 0) and (nHeight == 0))` (bsc#1223346)
* CVE-2024-32660: Fixed client crash via invalid huge allocation size (bsc#1223347)
* CVE-2024-32661: Fixed client NULL pointer dereference (bsc#1223348)

- Multiple CVE fixes:
* bsc#1223293, CVE-2024-32039
* bsc#1223294, CVE-2024-32040
* bsc#1223295, CVE-2024-32041
* bsc#1223296, CVE-2024-32458
* bsc#1223297, CVE-2024-32459
* bsc#1223298, CVE-2024-32460

* Fix CVE-2023-40574 - bsc#1214869: Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX
* Fix CVE-2023-40575 - bsc#1214870: Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX
* Fix CVE-2023-40576 - bsc#1214871: Out-Of-Bounds Read in RleDecompress

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1214869

https://bugzilla.suse.com/1214870

https://bugzilla.suse.com/1214871

https://bugzilla.suse.com/1219049

https://bugzilla.suse.com/1223293

https://bugzilla.suse.com/1223294

https://bugzilla.suse.com/1223295

https://bugzilla.suse.com/1223296

https://bugzilla.suse.com/1223297

https://bugzilla.suse.com/1223298

https://bugzilla.suse.com/1223346

https://bugzilla.suse.com/1223347

https://bugzilla.suse.com/1223348

https://bugzilla.suse.com/1223353

https://bugzilla.suse.com/1243109

https://bugzilla.suse.com/1256717

https://bugzilla.suse.com/1256718

https://bugzilla.suse.com/1256719

https://bugzilla.suse.com/1256720

https://bugzilla.suse.com/1256721

https://bugzilla.suse.com/1256722

https://bugzilla.suse.com/1256723

https://bugzilla.suse.com/1256724

https://bugzilla.suse.com/1256725

https://bugzilla.suse.com/1256940

https://bugzilla.suse.com/1256941

https://bugzilla.suse.com/1256942

https://bugzilla.suse.com/1256943

https://bugzilla.suse.com/1256944

https://bugzilla.suse.com/1256945

https://bugzilla.suse.com/1256946

https://bugzilla.suse.com/1256947

https://www.suse.com/security/cve/CVE-2023-40574

https://www.suse.com/security/cve/CVE-2023-40575

https://www.suse.com/security/cve/CVE-2023-40576

https://www.suse.com/security/cve/CVE-2024-22211

https://www.suse.com/security/cve/CVE-2024-32039

https://www.suse.com/security/cve/CVE-2024-32040

https://www.suse.com/security/cve/CVE-2024-32041

https://www.suse.com/security/cve/CVE-2024-32458

https://www.suse.com/security/cve/CVE-2024-32459

https://www.suse.com/security/cve/CVE-2024-32460

https://www.suse.com/security/cve/CVE-2024-32658

https://www.suse.com/security/cve/CVE-2024-32659

https://www.suse.com/security/cve/CVE-2024-32660

https://www.suse.com/security/cve/CVE-2024-32661

https://www.suse.com/security/cve/CVE-2025-4478

https://www.suse.com/security/cve/CVE-2026-22851

https://www.suse.com/security/cve/CVE-2026-22852

https://www.suse.com/security/cve/CVE-2026-22853

https://www.suse.com/security/cve/CVE-2026-22854

https://www.suse.com/security/cve/CVE-2026-22855

https://www.suse.com/security/cve/CVE-2026-22856

https://www.suse.com/security/cve/CVE-2026-22857

https://www.suse.com/security/cve/CVE-2026-22858

https://www.suse.com/security/cve/CVE-2026-22859

https://www.suse.com/security/cve/CVE-2026-23530

https://www.suse.com/security/cve/CVE-2026-23531

https://www.suse.com/security/cve/CVE-2026-23532

https://www.suse.com/security/cve/CVE-2026-23533

https://www.suse.com/security/cve/CVE-2026-23534

https://www.suse.com/security/cve/CVE-2026-23732

https://www.suse.com/security/cve/CVE-2026-23883

https://www.suse.com/security/cve/CVE-2026-23884

https://www.suse.com/security/cve/CVE-2026-23948

https://www.suse.com/security/cve/CVE-2026-24491

https://www.suse.com/security/cve/CVE-2026-24675

https://www.suse.com/security/cve/CVE-2026-24676

https://www.suse.com/security/cve/CVE-2026-24677

https://www.suse.com/security/cve/CVE-2026-24678

https://www.suse.com/security/cve/CVE-2026-24679

https://www.suse.com/security/cve/CVE-2026-24680

https://www.suse.com/security/cve/CVE-2026-24681

https://www.suse.com/security/cve/CVE-2026-24682

https://www.suse.com/security/cve/CVE-2026-24683

https://www.suse.com/security/cve/CVE-2026-24684

Plugin Details

Severity: High

ID: 302093

File Name: openSUSE-2026-20339-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/13/2026

Updated: 3/13/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23884

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-24684

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:freerdp-devel, p-cpe:/a:novell:opensuse:libfreerdp-server-proxy3-3, p-cpe:/a:novell:opensuse:uwac0-devel, p-cpe:/a:novell:opensuse:freerdp-sdl, p-cpe:/a:novell:opensuse:freerdp-proxy-plugins, p-cpe:/a:novell:opensuse:libfreerdp3-3, p-cpe:/a:novell:opensuse:freerdp, p-cpe:/a:novell:opensuse:librdtk0-0, p-cpe:/a:novell:opensuse:libwinpr3-3, p-cpe:/a:novell:opensuse:freerdp-server, p-cpe:/a:novell:opensuse:freerdp-proxy, p-cpe:/a:novell:opensuse:freerdp-wayland, p-cpe:/a:novell:opensuse:winpr-devel, p-cpe:/a:novell:opensuse:rdtk0-devel, p-cpe:/a:novell:opensuse:libuwac0-0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/10/2026

Vulnerability Publication Date: 8/31/2023

Reference Information

CVE: CVE-2023-40574, CVE-2023-40575, CVE-2023-40576, CVE-2024-22211, CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32658, CVE-2024-32659, CVE-2024-32660, CVE-2024-32661, CVE-2025-4478, CVE-2026-22851, CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859, CVE-2026-23530, CVE-2026-23531, CVE-2026-23532, CVE-2026-23533, CVE-2026-23534, CVE-2026-23732, CVE-2026-23883, CVE-2026-23884, CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680, CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684

IAVA: 2024-A-0259-S, 2026-A-0099