SUSE-SU-2026:1640-1

Source: https://www.suse.com/support/update/announcement/2026/suse-su-20261640-1/
Import Source: https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1640-1.json
JSON Data: https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:1640-1
Published: 2026-04-28T11:33:58Z
Modified: 2026-04-29T08:00:54.296141Z
Summary: Security update for freerdp2
Details

This update for freerdp2 fixes the following issues:

  • CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRE_TO_SURFACE_2 PDU (bsc#1258919).
  • CVE-2026-25942: Global-buffer-overflow in xf_rail_server_execute_result (bsc#1258920).
  • CVE-2026-25952: Heap-use-after-free in xf_SetWindowMinMaxInfo (bsc#1258921).
  • CVE-2026-25953: Heap-use-after-free in xf_AppUpdateWindowFromSurface (bsc#1258923).
  • CVE-2026-25954: Heap-use-after-free in xf_rail_server_local_move_size (bsc#1258924).
  • CVE-2026-25997: Heap-use-after-free in xf_clipboard_format_equal (bsc#1258977).
  • CVE-2026-26986: Heap-use-after-free in rail_window_free (bsc#1258967).
  • CVE-2026-27015: Smartcard NDR alignment padding triggers reachable WINPR_ASSERT abort (bsc#1258987).
  • CVE-2026-27951: Denial of Service via endless blocking loop in Stream_EnsureCapacity (bsc#1258939).
  • CVE-2026-29774: Missing bounds validation can cause a client-side heap buffer overflow (bsc#1259689).
  • CVE-2026-29775: Malicious server can trigger a client-side heap out-of-bounds access (bsc#1259684).
  • CVE-2026-29776: Missing length check can lead to an integer underflow (bsc#1259692).
  • CVE-2026-31897: Missing length check can cause an out-of-bounds read (bsc#1259693).
References

Affected packages