Red Hat Product Errata RHSA-2026:19587 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19587 - Security Advisory Overview Updated Packages Synopsis Important: openexr security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for openexr is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fix(es): OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file (CVE-2026-34588) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2455408 - CVE-2026-34588 OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVEs CVE-2026-34588 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM openexr-3.1.1-2.el9_0.3.src.rpm SHA-256: 3e5d642f3cea0e08ef807c2d204547c622c7d6325b1fa87416fc3cff617e692e ppc64le openexr-3.1.1-2.el9_0.3.ppc64le.rpm SHA-256: 8346edee55e9970c22fe7e7f672ba2e49148520f38b8b97c7d69ab7acb955c74 openexr-debuginfo-3.1.1-2.el9_0.3.ppc64le.rpm SHA-256: 185bd18ecb3e7b8f4f01f4fb6bfef0036d5265f2ad63f0f1faeb69072f79f074 openexr-debugsource-3.1.1-2.el9_0.3.ppc64le.rpm SHA-256: dd9773bbe7bc1a688bcf89e3c17785693d7765f1ba648ae4d5ef178aa945bb3b openexr-libs-3.1.1-2.el9_0.3.ppc64le.rpm SHA-256: 2d23805d6dfd69fb3dec94409970c9815fd124f7ebd3f950d2120e49bda82249 openexr-libs-debuginfo-3.1.1-2.el9_0.3.ppc64le.rpm SHA-256: 7bbd067f83b784684ae7a66e081c632b5fee0087f1d89415746feec522f00076 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM openexr-3.1.1-2.el9_0.3.src.rpm SHA-256: 3e5d642f3cea0e08ef807c2d204547c622c7d6325b1fa87416fc3cff617e692e x86_64 openexr-3.1.1-2.el9_0.3.x86_64.rpm SHA-256: 101a3327f7968150a9968de622717fa9435ee4cdba74e0ea7d0544f7507a33dd openexr-debuginfo-3.1.1-2.el9_0.3.i686.rpm SHA-256: 2a86f735e78bff4587b94001903c6221d3d9a4f308be133b06ed59b998ab8065 openexr-debuginfo-3.1.1-2.el9_0.3.x86_64.rpm SHA-256: c456698491d9449631985f88d1d1d1b1665ed402528dcea99f063deedaa02297 openexr-debugsource-3.1.1-2.el9_0.3.i686.rpm SHA-256: 5c1f1daa65982937eed5a40e4a0aee1e0b0744fdfe9afbbfc095e8835bcdf7cb openexr-debugsource-3.1.1-2.el9_0.3.x86_64.rpm SHA-256: 5763415997478fedca9927dc4eda94491e40a97c3f8404c128787bba7f3c4a25 openexr-libs-3.1.1-2.el9_0.3.i686.rpm SHA-256: eec63626d8fac7b3f7e28cc507fe4b24cab0af25c465300a0ea552a71659182d openexr-libs-3.1.1-2.el9_0.3.x86_64.rpm SHA-256: 8b41865dfba155891a6593cf1844487f5956871d20b41a2631c80c72e8ac8dc6 openexr-libs-debuginfo-3.1.1-2.el9_0.3.i686.rpm SHA-256: 7dfd69cd676fadff1df61573b2e58c0c6ac9f4ef54b02857e0698a14e34c9f17 openexr-libs-debuginfo-3.1.1-2.el9_0.3.x86_64.rpm SHA-256: 4408f0a900e9409a12902953df649a6a461336fb91b3120adb3c447a745f9d57 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM openexr-3.1.1-2.el9_0.3.src.rpm SHA-256: 3e5d642f3cea0e08ef807c2d204547c622c7d6325b1fa87416fc3cff617e692e aarch64 openexr-3.1.1-2.el9_0.3.aarch64.rpm SHA-256: facc9c2ea0ad24f1ba124776b4478d8ad1c9388a1128e8a7bab445ff02de6cd2 openexr-debuginfo-3.1.1-2.el9_0.3.aarch64.rpm SHA-256: 7bc68a456adbc2a6e419216270de0d7d2ac47009d73dad503ef6daa716822a4d openexr-debugsource-3.1.1-2.el9_0.3.aarch64.rpm SHA-256: 5d0bb8c39f4d7649c4b195a65587696368bd1fe1ab94a6b391a2e327abebc212 openexr-libs-3.1.1-2.el9_0.3.aarch64.rpm SHA-256: 58114de7ecfd300a5e0032895b7d4360f59b30332f3a2cca44784654ae187e0a openexr-libs-debuginfo-3.1.1-2.el9_0.3.aarch64.rpm SHA-256: 7492608bb5ab5da4c5659d2deb1abb85a2943900ea64ef7d6c887011837abe80 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM openexr-3.1.1-2.el9_0.3.src.rpm SHA-256: 3e5d642f3cea0e08ef807c2d204547c622c7d6325b1fa87416fc3cff617e692e s390x openexr-3.1.1-2.el9_0.3.s390x.rpm SHA-256: 30b81cf722eee00dfa6526f9e0a81815d389d4a324ef6fc9dd8bf03321fc3828 openexr-debuginfo-3.1.1-2.el9_0.3.s390x.rpm SHA-256: 1f9ffe156c92d6d5c0ae5aeaa78ecc0d950b3c8ee8f3ee664f072003b432ddde openexr-debugsource-3.1.1-2.el9_0.3.s390x.rpm SHA-256: 757e61945a40a9d8fe85e3bc8f17056ad42d66ca06b1e98924215b354ba8bd89 openexr-libs-3.1.1-2.el9_0.3.s390x.rpm SHA-256: d3840809c95c72e7b5e18d97be78473ffc9c289c9b6d4e09ad415a39493599a3 openexr-libs-debuginfo-3.1.1-2.el9_0.3.s390x.rpm SHA-256: 0dbfb07f18406b580e5fd64e08d7144219e3b262feda46a8cda73f06d3d3423f The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .