[Apollo] Advisories Statistics light light Login

RLSA-2026:0237

Security Mirrored from RHSA-2026:0237
Issued at: 2026-01-09
Updated at: 2026-01-21

Synopsis

Important: libpng security update



Description

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

* libpng: LIBPNG buffer overflow (CVE-2025-64720)

* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)

* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2418711 2416907 2416904

CVEs

CVE-2025-64720 CVE-2025-65018 CVE-2025-66293

Affected packages

Rocky Linux 10 s390x - AppStream

libpng-devel-2:1.6.40-8.el10_1.1.s390x.rpm libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x.rpm libpng-debugsource-2:1.6.40-8.el10_1.1.s390x.rpm libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x.rpm libpng-2:1.6.40-8.el10_1.1.s390x.rpm

Rocky Linux 10 ppc64le - AppStream

libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le.rpm libpng-devel-2:1.6.40-8.el10_1.1.ppc64le.rpm

Rocky Linux 10 x86_64 - AppStream

libpng-devel-2:1.6.40-8.el10_1.1.x86_64.rpm libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64.rpm

Rocky Linux 10 aarch64 - BaseOS

libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64.rpm libpng-2:1.6.40-8.el10_1.1.aarch64.rpm libpng-2:1.6.40-8.el10_1.1.src.rpm libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64.rpm

Rocky Linux 10 ppc64le - BaseOS

libpng-2:1.6.40-8.el10_1.1.ppc64le.rpm libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le.rpm libpng-2:1.6.40-8.el10_1.1.src.rpm libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le.rpm

Rocky Linux 10 s390x - BaseOS

libpng-2:1.6.40-8.el10_1.1.src.rpm

Rocky Linux 10 x86_64 - BaseOS

libpng-2:1.6.40-8.el10_1.1.src.rpm libpng-2:1.6.40-8.el10_1.1.x86_64.rpm libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64.rpm libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64.rpm

Rocky Linux 10 aarch64 - AppStream

libpng-devel-2:1.6.40-8.el10_1.1.aarch64.rpm libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64.rpm