RLSA-2026:3551

Security

Mirrored from RHSA-2026:3551

Issued at: 2026-03-05

Updated at: 2026-03-05

Synopsis

Important: libpng security update

Description

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)

* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)

* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 10 aarch64

Rocky Linux 10 ppc64le

Rocky Linux 10 s390x

Rocky Linux 10 x86_64

Fixes

2438542

2428824

2428825

CVEs

CVE-2026-22695

CVE-2026-22801

CVE-2026-25646

Affected packages

Rocky Linux 10 aarch64 - BaseOS

libpng-debugsource-2:1.6.40-8.el10_1.2.aarch64.rpm

libpng-2:1.6.40-8.el10_1.2.aarch64.rpm

libpng-2:1.6.40-8.el10_1.2.src.rpm

libpng-debuginfo-2:1.6.40-8.el10_1.2.aarch64.rpm

Rocky Linux 10 aarch64 - AppStream

libpng-devel-debuginfo-2:1.6.40-8.el10_1.2.aarch64.rpm

libpng-devel-2:1.6.40-8.el10_1.2.aarch64.rpm

Rocky Linux 10 x86_64 - BaseOS

libpng-2:1.6.40-8.el10_1.2.x86_64.rpm

libpng-debuginfo-2:1.6.40-8.el10_1.2.x86_64.rpm

libpng-2:1.6.40-8.el10_1.2.src.rpm

libpng-debugsource-2:1.6.40-8.el10_1.2.x86_64.rpm

Rocky Linux 10 ppc64le - BaseOS

libpng-debugsource-2:1.6.40-8.el10_1.2.ppc64le.rpm

libpng-2:1.6.40-8.el10_1.2.src.rpm

libpng-2:1.6.40-8.el10_1.2.ppc64le.rpm

libpng-debuginfo-2:1.6.40-8.el10_1.2.ppc64le.rpm

Rocky Linux 10 x86_64 - AppStream

libpng-devel-debuginfo-2:1.6.40-8.el10_1.2.x86_64.rpm

libpng-devel-2:1.6.40-8.el10_1.2.x86_64.rpm

Rocky Linux 10 ppc64le - AppStream

libpng-devel-debuginfo-2:1.6.40-8.el10_1.2.ppc64le.rpm

libpng-devel-2:1.6.40-8.el10_1.2.ppc64le.rpm

Rocky Linux 10 s390x - BaseOS

libpng-2:1.6.40-8.el10_1.2.src.rpm

Rocky Linux 10 s390x - AppStream

libpng-debuginfo-2:1.6.40-8.el10_1.2.s390x.rpm

libpng-devel-2:1.6.40-8.el10_1.2.s390x.rpm

libpng-debugsource-2:1.6.40-8.el10_1.2.s390x.rpm

libpng-2:1.6.40-8.el10_1.2.s390x.rpm

libpng-devel-debuginfo-2:1.6.40-8.el10_1.2.s390x.rpm