Red Hat Product Errata RHSA-2026:17685 - Security Advisory Issued: 2026-05-14 Updated: 2026-05-14 RHSA-2026:17685 - Security Advisory Overview Updated Packages Synopsis Moderate: libpng security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libpng is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security Fix(es): libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2451819 - CVE-2026-33636 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion CVEs CVE-2026-33636 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM libpng-1.6.37-12.el9_0.3.src.rpm SHA-256: 340f450acee1ec9db9f9ecebca76d2a58668ce446c9c79f891f8f508e9ee3972 ppc64le libpng-1.6.37-12.el9_0.3.ppc64le.rpm SHA-256: cdf9f585b4654f8be64146029293e47f57cd924c9da7e9dc9b92c11a63ce9642 libpng-debuginfo-1.6.37-12.el9_0.3.ppc64le.rpm SHA-256: eb52c083415d47f4d8103ee1527994e542784a1d0e5918f3516662e651ab72bc libpng-debuginfo-1.6.37-12.el9_0.3.ppc64le.rpm SHA-256: eb52c083415d47f4d8103ee1527994e542784a1d0e5918f3516662e651ab72bc libpng-debugsource-1.6.37-12.el9_0.3.ppc64le.rpm SHA-256: ae5a0d859cc85616c69ff665b371d5c16f960153b02299458e5ee47d01c92f37 libpng-debugsource-1.6.37-12.el9_0.3.ppc64le.rpm SHA-256: ae5a0d859cc85616c69ff665b371d5c16f960153b02299458e5ee47d01c92f37 libpng-devel-1.6.37-12.el9_0.3.ppc64le.rpm SHA-256: 32b56ad6d68664f7e6efad3efb64314b397cef3ff700b6c1699c285d4f13f883 libpng-devel-debuginfo-1.6.37-12.el9_0.3.ppc64le.rpm SHA-256: 49c3044abce0683cc7fc017e4331a69126b18c3e55b4acc8ffe3da48bf8ec811 libpng-devel-debuginfo-1.6.37-12.el9_0.3.ppc64le.rpm SHA-256: 49c3044abce0683cc7fc017e4331a69126b18c3e55b4acc8ffe3da48bf8ec811 libpng-tools-debuginfo-1.6.37-12.el9_0.3.ppc64le.rpm SHA-256: 7d33af061a3b0c61828bd160dc1ee4c7c4a4bbd04a245d6aebe606bdc0dcc7b9 libpng-tools-debuginfo-1.6.37-12.el9_0.3.ppc64le.rpm SHA-256: 7d33af061a3b0c61828bd160dc1ee4c7c4a4bbd04a245d6aebe606bdc0dcc7b9 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM libpng-1.6.37-12.el9_0.3.src.rpm SHA-256: 340f450acee1ec9db9f9ecebca76d2a58668ce446c9c79f891f8f508e9ee3972 x86_64 libpng-1.6.37-12.el9_0.3.i686.rpm SHA-256: 3c29d70560a8e6564264029e42a80e093a5428ee813067ca05111192f9a24b2e libpng-1.6.37-12.el9_0.3.x86_64.rpm SHA-256: ea04d8b51d4ede8d701352affc05c9bcb259ba2e5f2540cd68fa976c5687b000 libpng-debuginfo-1.6.37-12.el9_0.3.i686.rpm SHA-256: 1828756558c76724c42d3f7038ae13ca121402a4161783589164e1346b00a04d libpng-debuginfo-1.6.37-12.el9_0.3.i686.rpm SHA-256: 1828756558c76724c42d3f7038ae13ca121402a4161783589164e1346b00a04d libpng-debuginfo-1.6.37-12.el9_0.3.x86_64.rpm SHA-256: 4d2a099d60d053a37ed4fe10759a7a452e4b4380e1d4c9156ebb2331ca068bde libpng-debuginfo-1.6.37-12.el9_0.3.x86_64.rpm SHA-256: 4d2a099d60d053a37ed4fe10759a7a452e4b4380e1d4c9156ebb2331ca068bde libpng-debugsource-1.6.37-12.el9_0.3.i686.rpm SHA-256: 4b0d84850ab77969492077b5597345db3024c5b1acdcb21319fb7ccad806d01d libpng-debugsource-1.6.37-12.el9_0.3.i686.rpm SHA-256: 4b0d84850ab77969492077b5597345db3024c5b1acdcb21319fb7ccad806d01d libpng-debugsource-1.6.37-12.el9_0.3.x86_64.rpm SHA-256: d307bb2f4809583b6fae2152c67874c4a63595ccf427c3b0cf2e8f1b57898413 libpng-debugsource-1.6.37-12.el9_0.3.x86_64.rpm SHA-256: d307bb2f4809583b6fae2152c67874c4a63595ccf427c3b0cf2e8f1b57898413 libpng-devel-1.6.37-12.el9_0.3.i686.rpm SHA-256: 42731539a251adb0fbec46bdc35b0103ab68370deef287bbbecf03fce9ff2be9 libpng-devel-1.6.37-12.el9_0.3.x86_64.rpm SHA-256: 0f96f3dadd312cf2833aa1a527cb3cf5487882e2abc98450fae7f4eea654cb02 libpng-devel-debuginfo-1.6.37-12.el9_0.3.i686.rpm SHA-256: 03b446c3d366bc4c2182fa75266b37818bbbc224d6730becd1a166abd168f70a libpng-devel-debuginfo-1.6.37-12.el9_0.3.i686.rpm SHA-256: 03b446c3d366bc4c2182fa75266b37818bbbc224d6730becd1a166abd168f70a libpng-devel-debuginfo-1.6.37-12.el9_0.3.x86_64.rpm SHA-256: 58f205fb805c6127dec663ac949db438b3c4a53c26337c8726146385d84cb5bd libpng-devel-debuginfo-1.6.37-12.el9_0.3.x86_64.rpm SHA-256: 58f205fb805c6127dec663ac949db438b3c4a53c26337c8726146385d84cb5bd libpng-tools-debuginfo-1.6.37-12.el9_0.3.i686.rpm SHA-256: 9f6fdb71779f3e357a52416fe8c1ee2441615766698f597db8996401b54fd793 libpng-tools-debuginfo-1.6.37-12.el9_0.3.i686.rpm SHA-256: 9f6fdb71779f3e357a52416fe8c1ee2441615766698f597db8996401b54fd793 libpng-tools-debuginfo-1.6.37-12.el9_0.3.x86_64.rpm SHA-256: 2bcb8b967f4f8bdb5957e5713eb7e30d69feaa41553e4903eb8aecbce7425a5e libpng-tools-debuginfo-1.6.37-12.el9_0.3.x86_64.rpm SHA-256: 2bcb8b967f4f8bdb5957e5713eb7e30d69feaa41553e4903eb8aecbce7425a5e Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM libpng-1.6.37-12.el9_0.3.src.rpm SHA-256: 340f450acee1ec9db9f9ecebca76d2a58668ce446c9c79f891f8f508e9ee3972 aarch64 libpng-1.6.37-12.el9_0.3.aarch64.rpm SHA-256: 44f854face9a4b6068a9ff4101c34f76c95c502d1839674eb1a795705956d880 libpng-debuginfo-1.6.37-12.el9_0.3.aarch64.rpm SHA-256: 9ac7e472242b8ac5c87319702333f77da02d2ae7431203e0422d197d5a771d63 libpng-debuginfo-1.6.37-12.el9_0.3.aarch64.rpm SHA-256: 9ac7e472242b8ac5c87319702333f77da02d2ae7431203e0422d197d5a771d63 libpng-debugsource-1.6.37-12.el9_0.3.aarch64.rpm SHA-256: f608d60c78b86f9ae2a5773aca7fa897f03078d92799774db2072309efc9498b libpng-debugsource-1.6.37-12.el9_0.3.aarch64.rpm SHA-256: f608d60c78b86f9ae2a5773aca7fa897f03078d92799774db2072309efc9498b libpng-devel-1.6.37-12.el9_0.3.aarch64.rpm SHA-256: 1c5b93289d4f92b96110524f10812f60270e6194249c1e8e96dedff9f5c54e52 libpng-devel-debuginfo-1.6.37-12.el9_0.3.aarch64.rpm SHA-256: 54acd908e6981bf4e486ef79844dffff3e63a4ef9788c1c0835cbe818d86167c libpng-devel-debuginfo-1.6.37-12.el9_0.3.aarch64.rpm SHA-256: 54acd908e6981bf4e486ef79844dffff3e63a4ef9788c1c0835cbe818d86167c libpng-tools-debuginfo-1.6.37-12.el9_0.3.aarch64.rpm SHA-256: d89d7cecd30c4c4edcdb7498cc7924c2820b60c58aaee3c915ea214151ec5566 libpng-tools-debuginfo-1.6.37-12.el9_0.3.aarch64.rpm SHA-256: d89d7cecd30c4c4edcdb7498cc7924c2820b60c58aaee3c915ea214151ec5566 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM s390x libpng-1.6.37-12.el9_0.3.s390x.rpm SHA-256: 2f7f0820752484a9dd33f3ddace490f02fba513a9366021ac60cae1902755faf libpng-debuginfo-1.6.37-12.el9_0.3.s390x.rpm SHA-256: aa76420913710147c41fa331ec8343069b87b3fd929920eb50aba8adf6e81b6d libpng-debugsource-1.6.37-12.el9_0.3.s390x.rpm SHA-256: b839fca7e7dd89322e0a0fb30fe7bbb33afcf7f713e301dbe0fc99f604abd886 libpng-devel-1.6.37-12.el9_0.3.s390x.rpm SHA-256: 0aa99bd9eb74e8a3838963c66539cce06ac382173049abe977911da4b62911e6 libpng-devel-debuginfo-1.6.37-12.el9_0.3.s390x.rpm SHA-256: a1fd2506c7ae6f18689f090a78e16623eafc4a2da8480ab0fb37439c2a9d2557 libpng-tools-debuginfo-1.6.37-12.el9_0.3.s390x.rpm SHA-256: b15083be1747b30f34df1d053a33c4b44f76da5c1dc9063324c38643402940ac The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .