RLSA-2026:0237

Security

Mirrored from RHSA-2026:0237

Issued at: 2026-01-09

Updated at: 2026-01-23

Synopsis

Important: libpng security update

Description

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

* libpng: LIBPNG buffer overflow (CVE-2025-64720)

* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)

* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 10 aarch64

Fixes

2418711

2416907

2416904

CVEs

CVE-2025-64720

CVE-2025-65018

CVE-2025-66293

Affected packages

Rocky Linux 10 aarch64 - BaseOS

libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64.rpm

libpng-2:1.6.40-8.el10_1.1.aarch64.rpm

libpng-2:1.6.40-8.el10_1.1.src.rpm

libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64.rpm

Rocky Linux 10 ppc64le - BaseOS

libpng-2:1.6.40-8.el10_1.1.src.rpm

Rocky Linux 10 s390x - BaseOS

libpng-2:1.6.40-8.el10_1.1.src.rpm

Rocky Linux 10 x86_64 - BaseOS

libpng-2:1.6.40-8.el10_1.1.src.rpm

Rocky Linux 10 aarch64 - AppStream

libpng-devel-2:1.6.40-8.el10_1.1.aarch64.rpm

libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64.rpm