RLSA-2026:4306

Security

Mirrored from RHSA-2026:4306

Issued at: 2026-03-12

Updated at: 2026-03-12

Synopsis

Important: mingw-libpng security update

Description

MinGW Windows Libpng library.

Security Fix(es):

* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)

* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)

* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64

Rocky Linux 8 x86_64

Fixes

2428824

2428825

2438542

CVEs

CVE-2026-22695

CVE-2026-22801

CVE-2026-25646

Affected packages

Rocky Linux 8 x86_64 - PowerTools

mingw32-libpng-0:1.6.34-2.el8_10.noarch.rpm

mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch.rpm

mingw32-libpng-static-0:1.6.34-2.el8_10.noarch.rpm

mingw64-libpng-0:1.6.34-2.el8_10.noarch.rpm

mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch.rpm

mingw64-libpng-static-0:1.6.34-2.el8_10.noarch.rpm

mingw-libpng-0:1.6.34-2.el8_10.src.rpm

Rocky Linux 8 aarch64 - PowerTools

mingw-libpng-0:1.6.34-2.el8_10.src.rpm