AlmaLinux released two security updates to address serious vulnerabilities in popular server software. The moderate libpng patch resolves a use-after-free flaw that could allow arbitrary code execution. A separate critical advisory fixes nginx, which contains another vulnerability capable of enabling unauthorized remote commands. Administrators should install these packages immediately and consult the official errata links for complete technical details.

ALSA-2026:18028: libpng security update (Moderate)
ALSA-2026:18029: nginx security update (Critical)

ALSA-2026:18028: libpng security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2026-05-18

Summary:

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-18028.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2026:18029: nginx security update (Critical)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Critical
Release date: 2026-05-18

Summary:

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

* nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-18029.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team