Red Hat Product Errata RHSA-2026:13860 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13860 - Security Advisory Overview Updated Packages Synopsis Important: LibRaw security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for LibRaw is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading (CVE-2026-21413) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2455929 - CVE-2026-21413 LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading CVEs CVE-2026-21413 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM LibRaw-0.20.2-6.el9_0.src.rpm SHA-256: 6c7ad4ebe91e2a5e037eb2b323de4f2da53c7e1704d23325550b82fd8bbf8151 ppc64le LibRaw-0.20.2-6.el9_0.ppc64le.rpm SHA-256: a48e66195d71c446491d4118e46b88dc08daa29cf25623e322185dec8b19ee5b LibRaw-debuginfo-0.20.2-6.el9_0.ppc64le.rpm SHA-256: 80b3547041946beb4045bb90cff510fe93f9c59a1f02a2c791ca5b2992743568 LibRaw-debugsource-0.20.2-6.el9_0.ppc64le.rpm SHA-256: 2742392e4ab2c5bb3170d934234d8d7390be2ac51994dd3951982c0fd295430c LibRaw-samples-debuginfo-0.20.2-6.el9_0.ppc64le.rpm SHA-256: 554ee5db8c3bcb38458a9fc69eafd4f18617b82d08f4f223c7765aa29542a0c7 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM LibRaw-0.20.2-6.el9_0.src.rpm SHA-256: 6c7ad4ebe91e2a5e037eb2b323de4f2da53c7e1704d23325550b82fd8bbf8151 x86_64 LibRaw-0.20.2-6.el9_0.i686.rpm SHA-256: c500d3a053612ab599e04538d0194b0ef9a918a958703a7f7e23c3e34f538c9d LibRaw-0.20.2-6.el9_0.x86_64.rpm SHA-256: 4a2ac16be36105478cfa77a33414994c30df5a5e0060f17eb9671fbab9f40a9b LibRaw-debuginfo-0.20.2-6.el9_0.i686.rpm SHA-256: 42f8da0651de448406e57d5a08c1a0abe98e94710223df57600b7de4dd40a171 LibRaw-debuginfo-0.20.2-6.el9_0.x86_64.rpm SHA-256: 0657603231e7dbf30d1d73b548752f9ea867a7f32f44f7cd638d07484fee8d3a LibRaw-debugsource-0.20.2-6.el9_0.i686.rpm SHA-256: f148088059e6fac68b26d7f1604bd5ee16104406db2c9a6f0ac9be70f903e312 LibRaw-debugsource-0.20.2-6.el9_0.x86_64.rpm SHA-256: 84683b9c0202bcb0b3f0b66041304a3e28d2046c643a2207283e400bf78d1ff5 LibRaw-samples-debuginfo-0.20.2-6.el9_0.i686.rpm SHA-256: 0e725a74b17d6f304c7d5d8701dd5132636c2cb684bab405a8443768cc87edfe LibRaw-samples-debuginfo-0.20.2-6.el9_0.x86_64.rpm SHA-256: 5aa4d7968a3072ff83da188156841f29aec972a0867d1a644e28098a92f3e734 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM LibRaw-0.20.2-6.el9_0.src.rpm SHA-256: 6c7ad4ebe91e2a5e037eb2b323de4f2da53c7e1704d23325550b82fd8bbf8151 aarch64 LibRaw-0.20.2-6.el9_0.aarch64.rpm SHA-256: a23b2c6bf93f4342a42f659d5ee886b5f2f971949e221d914281371c8b74591f LibRaw-debuginfo-0.20.2-6.el9_0.aarch64.rpm SHA-256: 10f1980b9172aced72efecf9d1f7670b4f8c7096753981c832110c693913c35c LibRaw-debugsource-0.20.2-6.el9_0.aarch64.rpm SHA-256: 49f7464c51761fb0916c41e6088c18a2e326e79c176ed6832025724d5bc25d95 LibRaw-samples-debuginfo-0.20.2-6.el9_0.aarch64.rpm SHA-256: 2711a36ac14775967fbe1c89b6e62eac4dd84554b603c87707b4ff596c239de4 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM LibRaw-0.20.2-6.el9_0.src.rpm SHA-256: 6c7ad4ebe91e2a5e037eb2b323de4f2da53c7e1704d23325550b82fd8bbf8151 s390x LibRaw-0.20.2-6.el9_0.s390x.rpm SHA-256: 47170e3e522585263b54d479ee12b3906bfe791fea4973834869ef8713cb6b04 LibRaw-debuginfo-0.20.2-6.el9_0.s390x.rpm SHA-256: bf293c738507bc7f88a63ddc2ba5b456d7eca90903b215f4a89b806eb09960e3 LibRaw-debugsource-0.20.2-6.el9_0.s390x.rpm SHA-256: c354b7796bc4cfcf1a3bc5f3b7256cafab27187613d9062eebf9477fdbd1cef1 LibRaw-samples-debuginfo-0.20.2-6.el9_0.s390x.rpm SHA-256: 31b85a7059d2440998366caffebd2b3ad4ce5c6a01bc7d169ecdedb79e6bc977 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .