ELSA-2026-28244

ULN >
Oracle Linux Errata repository >
ELSA-2026-28244

ELSA-2026-28244 - libpng15 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2026-06-23

Description

[1.5.30-15.1]
- fix CVE-2026-33416: use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE (RHEL-161449)

[1.5.30-15]
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (RHEL-148412)

Related CVEs

CVE-2026-33416

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	libpng15-1.5.30-15.el9_8.1.src.rpm	8d1ee8308981d9be5f5259388f2bf45a1f56667b67b13401032ab79d49735722	-	ol9_aarch64_appstream
	libpng15-1.5.30-15.el9_8.1.aarch64.rpm	07042ab7bb5b163f0887e1e4018cc2594117aaf249ac65aa57f97139076aa578	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	libpng15-1.5.30-15.el9_8.1.src.rpm	8d1ee8308981d9be5f5259388f2bf45a1f56667b67b13401032ab79d49735722	-	ol9_x86_64_appstream
	libpng15-1.5.30-15.el9_8.1.i686.rpm	0b9c5639a235e5feaf3fa1b4d347509342652faa90ca6b92d984746e6379e237	-	ol9_x86_64_appstream
	libpng15-1.5.30-15.el9_8.1.x86_64.rpm	74dc6dfd396d9bdd5aa3a0b0045c5fccfaca595e58ca08be5ddaddb32f54c8a2	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691