ELSA-2026-28233

ELSA-2026-28233 - libpng security update

Type:SECURITY
Impact:MODERATE
Release Date:2026-07-16

Description


[2:1.6.40-11.1]
- fix CVE-2026-33416: use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE (RHEL-161329)
- fix CVE-2026-33636: out-of-bounds R/W in the palette expansion on ARM Neon (RHEL-161213)


Related CVEs


CVE-2026-33416
CVE-2026-33636

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 10 (aarch64) libpng-1.6.40-11.el10_2.1.src.rpm4fd1ec2867f4fda58de335bc17a1fe01f3b9a8ba6a1f79637308502a795bc31e-ol10_aarch64_appstream
libpng-1.6.40-11.el10_2.1.src.rpm4fd1ec2867f4fda58de335bc17a1fe01f3b9a8ba6a1f79637308502a795bc31e-ol10_aarch64_baseos_latest
libpng-1.6.40-11.el10_2.1.src.rpm4fd1ec2867f4fda58de335bc17a1fe01f3b9a8ba6a1f79637308502a795bc31e-ol10_aarch64_u2_baseos_patch
libpng-1.6.40-11.el10_2.1.aarch64.rpmb66800f51d28aaf137bbac240443fa5671fee333ceff4783d3a888dddfee2772-ol10_aarch64_baseos_latest
libpng-1.6.40-11.el10_2.1.aarch64.rpmb66800f51d28aaf137bbac240443fa5671fee333ceff4783d3a888dddfee2772-ol10_aarch64_u2_baseos_patch
libpng-devel-1.6.40-11.el10_2.1.aarch64.rpm6230b0d11d048816167a4e7731d5a57e31242264189d2c32c55a29eb1a782ba5-ol10_aarch64_appstream
Oracle Linux 10 (x86_64) libpng-1.6.40-11.el10_2.1.src.rpm4fd1ec2867f4fda58de335bc17a1fe01f3b9a8ba6a1f79637308502a795bc31e-ol10_x86_64_appstream
libpng-1.6.40-11.el10_2.1.src.rpm4fd1ec2867f4fda58de335bc17a1fe01f3b9a8ba6a1f79637308502a795bc31e-ol10_x86_64_baseos_latest
libpng-1.6.40-11.el10_2.1.src.rpm4fd1ec2867f4fda58de335bc17a1fe01f3b9a8ba6a1f79637308502a795bc31e-ol10_x86_64_u2_baseos_patch
libpng-1.6.40-11.el10_2.1.x86_64.rpm48f129eace4b4b93b6edb7f702a88fc62b954a9ef9c179e580e2c54a82cd1eac-ol10_x86_64_baseos_latest
libpng-1.6.40-11.el10_2.1.x86_64.rpm48f129eace4b4b93b6edb7f702a88fc62b954a9ef9c179e580e2c54a82cd1eac-ol10_x86_64_u2_baseos_patch
libpng-devel-1.6.40-11.el10_2.1.x86_64.rpm4d3f0a10b6078ed6f6ee642b3a90a734b75126a24f8feca293d4d539621ba35f-ol10_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete