Red Hat Product Errata RHSA-2026:17524 - Security Advisory Issued: 2026-05-14 Updated: 2026-05-14 RHSA-2026:17524 - Security Advisory Overview Updated Packages Synopsis Moderate: libpng security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libpng is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security Fix(es): libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2451819 - CVE-2026-33636 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion CVEs CVE-2026-33636 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM libpng-1.6.37-12.el9_6.3.src.rpm SHA-256: 57392fb3e1a540342b90cc5af4f058cb1af46205ad04c8f9a3cef85ce8961309 x86_64 libpng-1.6.37-12.el9_6.3.i686.rpm SHA-256: 2ac41d30761c3fd636227dd4e7456eda9bd71c1bff767d8d8d49b7318e3cea47 libpng-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: c3fcf87f9c7b160638ff9f37b25602ebee289ca500bd5dc45213a160650f576b libpng-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 787591554dc4c7566d7ae6652231f329958662031876f28e35cbd5dcef27b998 libpng-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 787591554dc4c7566d7ae6652231f329958662031876f28e35cbd5dcef27b998 libpng-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: 96f979dfaa53c505cc7599c305648e30910e68917e2a458eaa61e5571ac365f1 libpng-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: 96f979dfaa53c505cc7599c305648e30910e68917e2a458eaa61e5571ac365f1 libpng-debugsource-1.6.37-12.el9_6.3.i686.rpm SHA-256: 664fb89adf7b12e1bb9d09d792aabb86085d47ad270558924f083622418fc7ac libpng-debugsource-1.6.37-12.el9_6.3.i686.rpm SHA-256: 664fb89adf7b12e1bb9d09d792aabb86085d47ad270558924f083622418fc7ac libpng-debugsource-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: 93f63538f8efb1bd9d0f22a233377f4c4cda517bc71c77afe61bb4c52f28763c libpng-debugsource-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: 93f63538f8efb1bd9d0f22a233377f4c4cda517bc71c77afe61bb4c52f28763c libpng-devel-1.6.37-12.el9_6.3.i686.rpm SHA-256: 1b171e11a2373f1403c7f04e82a002e2730e946e706d481e1b1e6916a186614a libpng-devel-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: fd640a5a0f6f42bcf5debb45a08d1a22dd45d839c60e7ab9574a4a3c16b4ffbe libpng-devel-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 31d006b8f298fe496bd7e75f50696a327d7b65e5a395292bb73ac20f84c67d08 libpng-devel-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 31d006b8f298fe496bd7e75f50696a327d7b65e5a395292bb73ac20f84c67d08 libpng-devel-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: e591c95f0812f5aa9471603e705ba932859836fdd4b94119b8813b37dc5b9e50 libpng-devel-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: e591c95f0812f5aa9471603e705ba932859836fdd4b94119b8813b37dc5b9e50 libpng-tools-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 8019c6bbd1a13a429a25b1b39f8f279309b9256f2c66cfb430f98739885e55ba libpng-tools-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 8019c6bbd1a13a429a25b1b39f8f279309b9256f2c66cfb430f98739885e55ba libpng-tools-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: de413abab8202b6102fca1ea4d63d6df5880e9d0cd8524e370d91244277ada54 libpng-tools-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: de413abab8202b6102fca1ea4d63d6df5880e9d0cd8524e370d91244277ada54 Red Hat Enterprise Linux Server - AUS 9.6 SRPM libpng-1.6.37-12.el9_6.3.src.rpm SHA-256: 57392fb3e1a540342b90cc5af4f058cb1af46205ad04c8f9a3cef85ce8961309 x86_64 libpng-1.6.37-12.el9_6.3.i686.rpm SHA-256: 2ac41d30761c3fd636227dd4e7456eda9bd71c1bff767d8d8d49b7318e3cea47 libpng-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: c3fcf87f9c7b160638ff9f37b25602ebee289ca500bd5dc45213a160650f576b libpng-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 787591554dc4c7566d7ae6652231f329958662031876f28e35cbd5dcef27b998 libpng-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 787591554dc4c7566d7ae6652231f329958662031876f28e35cbd5dcef27b998 libpng-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: 96f979dfaa53c505cc7599c305648e30910e68917e2a458eaa61e5571ac365f1 libpng-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: 96f979dfaa53c505cc7599c305648e30910e68917e2a458eaa61e5571ac365f1 libpng-debugsource-1.6.37-12.el9_6.3.i686.rpm SHA-256: 664fb89adf7b12e1bb9d09d792aabb86085d47ad270558924f083622418fc7ac libpng-debugsource-1.6.37-12.el9_6.3.i686.rpm SHA-256: 664fb89adf7b12e1bb9d09d792aabb86085d47ad270558924f083622418fc7ac libpng-debugsource-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: 93f63538f8efb1bd9d0f22a233377f4c4cda517bc71c77afe61bb4c52f28763c libpng-debugsource-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: 93f63538f8efb1bd9d0f22a233377f4c4cda517bc71c77afe61bb4c52f28763c libpng-devel-1.6.37-12.el9_6.3.i686.rpm SHA-256: 1b171e11a2373f1403c7f04e82a002e2730e946e706d481e1b1e6916a186614a libpng-devel-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: fd640a5a0f6f42bcf5debb45a08d1a22dd45d839c60e7ab9574a4a3c16b4ffbe libpng-devel-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 31d006b8f298fe496bd7e75f50696a327d7b65e5a395292bb73ac20f84c67d08 libpng-devel-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 31d006b8f298fe496bd7e75f50696a327d7b65e5a395292bb73ac20f84c67d08 libpng-devel-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: e591c95f0812f5aa9471603e705ba932859836fdd4b94119b8813b37dc5b9e50 libpng-devel-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: e591c95f0812f5aa9471603e705ba932859836fdd4b94119b8813b37dc5b9e50 libpng-tools-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 8019c6bbd1a13a429a25b1b39f8f279309b9256f2c66cfb430f98739885e55ba libpng-tools-debuginfo-1.6.37-12.el9_6.3.i686.rpm SHA-256: 8019c6bbd1a13a429a25b1b39f8f279309b9256f2c66cfb430f98739885e55ba libpng-tools-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: de413abab8202b6102fca1ea4d63d6df5880e9d0cd8524e370d91244277ada54 libpng-tools-debuginfo-1.6.37-12.el9_6.3.x86_64.rpm SHA-256: de413abab8202b6102fca1ea4d63d6df5880e9d0cd8524e370d91244277ada54 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM s390x libpng-1.6.37-12.el9_6.3.s390x.rpm SHA-256: 866b82a64c91fd085d39c916cd5976b84be50c04f0cb840bcebb0baba9cf4f7d libpng-debuginfo-1.6.37-12.el9_6.3.s390x.rpm SHA-256: f296fb03c2ca3a3e46ca3ad59dfb7b614fc579b3053e49d04111d69d1e0a5ee6 libpng-debugsource-1.6.37-12.el9_6.3.s390x.rpm SHA-256: ccddbf9700402d9246bb5fb99a2dcc2297d9bbe2aca7cfe17c1379228e2b451b libpng-devel-1.6.37-12.el9_6.3.s390x.rpm SHA-256: 0d168faea220edc5e29898fb56592501bda9d1fec25f6276053da6e2e681e746 libpng-devel-debuginfo-1.6.37-12.el9_6.3.s390x.rpm SHA-256: 4be4615dc8d0037b72e9b39cc376e22e977d0f561be676eba08b5cb356bcc439 libpng-tools-debuginfo-1.6.37-12.el9_6.3.s390x.rpm SHA-256: 3f919a010eb81908800cf2742cb90111154a0f90a31a2e058c094213d30c4846 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM libpng-1.6.37-12.el9_6.3.src.rpm SHA-256: 57392fb3e1a540342b90cc5af4f058cb1af46205ad04c8f9a3cef85ce8961309 ppc64le libpng-1.6.37-12.el9_6.3.ppc64le.rpm SHA-256: 13f8863a844b35e3f312f5ba641e374c7d3fd535359bdec9e444187233f39d40 libpng-debuginfo-1.6.37-12.el9_6.3.ppc64le.rpm SHA-256: b53102fa85133f64bdae1d9d51dd353421d18cac400ba03f4e4a44085de1caef libpng-debuginfo-1.6.37-12.el9_6.3.ppc64le.rpm SHA-256: b53102fa85133f64bdae1d9d51dd353421d18cac400ba03f4e4a44085de1caef libpng-debugsource-1.6.37-12.el9_6.3.ppc64le.rpm SHA-256: 31ac1e98680bd0bb3577748f39801982473bbdc19fe5d1355882625bf3aa938e libpng-debugsource-1.6.37-12.el9_6.3.ppc64le.rpm SHA-256: 31ac1e98680bd0bb3577748f39801982473bbdc19fe5d1355882625bf3aa938e libpng-devel-1.6.37-12.el9_6.3.ppc64le.rpm SHA-256: 500557bd8fa8f094ef7f018bb187ad1d363ee3d3f15d824068b002639471e384 libpng-devel-debuginfo-1.6.37-12.el9_6.3.ppc64le.rpm SHA-256: 8a05b1b5f44a8e2ec7bafa9a46bf5d0fd2367af622ad68a519824b6706f8b379 libpng-devel-debuginfo-1.6.37-12.el9_6.3.ppc64le.rpm SHA-256: 8a05b1b5f44a8e2ec7bafa9a46bf5d0fd2367af622ad68a519824b6706f8b379 libpng-tools-debuginfo-1.6.37-12.el9_6.3.ppc64le.rpm SHA-256: 56afdfafc03f019c5fef239587c7670e0498e1c6f73a3fc46871407cf7a341cc libpng-tools-debuginfo