ELSA-2026-28255

ELSA-2026-28255 - libpng security update

Type:SECURITY
Impact:MODERATE
Release Date:2026-06-23

Description


[2:1.6.37-15.2]
- fix CVE-2026-33416: use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE (RHEL-161448)

[2:1.6.37-15.1]
- fix CVE-2026-33636: out-of-bounds R/W in the palette expansion on ARM Neon (RHEL-161299)


Related CVEs


CVE-2026-33416
CVE-2026-33636

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) libpng-1.6.37-15.el9_8.2.src.rpm90c81eceda1f712439ebfba086fbc54f873176f8738f6acbb115d7fc23f4f1bb-ol9_aarch64_appstream
libpng-1.6.37-15.el9_8.2.src.rpm90c81eceda1f712439ebfba086fbc54f873176f8738f6acbb115d7fc23f4f1bb-ol9_aarch64_baseos_latest
libpng-1.6.37-15.el9_8.2.src.rpm90c81eceda1f712439ebfba086fbc54f873176f8738f6acbb115d7fc23f4f1bb-ol9_aarch64_u8_baseos_patch
libpng-1.6.37-15.el9_8.2.aarch64.rpm4186f985c7516102a60c006ce96fcb328c8670ba4f5c1da6c09f1fc470f7452f-ol9_aarch64_baseos_latest
libpng-1.6.37-15.el9_8.2.aarch64.rpm4186f985c7516102a60c006ce96fcb328c8670ba4f5c1da6c09f1fc470f7452f-ol9_aarch64_u8_baseos_patch
libpng-devel-1.6.37-15.el9_8.2.aarch64.rpm07dd60ea003b57ca18ea1fa0873e589c1d633e640ea59ab1cffa5be0a0400a89-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) libpng-1.6.37-15.el9_8.2.src.rpm90c81eceda1f712439ebfba086fbc54f873176f8738f6acbb115d7fc23f4f1bb-ol9_x86_64_appstream
libpng-1.6.37-15.el9_8.2.src.rpm90c81eceda1f712439ebfba086fbc54f873176f8738f6acbb115d7fc23f4f1bb-ol9_x86_64_baseos_latest
libpng-1.6.37-15.el9_8.2.src.rpm90c81eceda1f712439ebfba086fbc54f873176f8738f6acbb115d7fc23f4f1bb-ol9_x86_64_u8_baseos_patch
libpng-1.6.37-15.el9_8.2.i686.rpm657a66d387803a4c246be1d53f1dfa500e4563edf4b3fa578e7e5bc26f654362-ol9_x86_64_baseos_latest
libpng-1.6.37-15.el9_8.2.i686.rpm657a66d387803a4c246be1d53f1dfa500e4563edf4b3fa578e7e5bc26f654362-ol9_x86_64_u8_baseos_patch
libpng-1.6.37-15.el9_8.2.x86_64.rpm2b4233b6a766b094d44f2a6112518131fa05e01d1b9bcb5a8d68c8bf03ce5d06-ol9_x86_64_baseos_latest
libpng-1.6.37-15.el9_8.2.x86_64.rpm2b4233b6a766b094d44f2a6112518131fa05e01d1b9bcb5a8d68c8bf03ce5d06-ol9_x86_64_u8_baseos_patch
libpng-devel-1.6.37-15.el9_8.2.i686.rpmd5b9572777ed9aa2b6050072083205b99cae8a132157f669a0d16d775cc2b6d8-ol9_x86_64_appstream
libpng-devel-1.6.37-15.el9_8.2.x86_64.rpm275e700da11c098374d96ebf987fd573306e386e1afbbe0bbfd5e6b48ccdbb58-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete