ELSA-2026-0237

ULN >
Oracle Linux Errata repository >
ELSA-2026-0237

ELSA-2026-0237 - libpng security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-01-07

Description

[2:1.6.40-8.1]
- CVE-2025-64720: buffer overflow (RHEL-131422)
- CVE-2025-65018: heap buffer overflow (RHEL-131435)
- CVE-2025-66293: out-of-bounds read in png_image_read_composite (RHEL-133212)

Related CVEs

CVE-2025-64720

CVE-2025-65018

CVE-2025-66293

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	libpng-1.6.40-8.el10_1.1.src.rpm	6d965eb4ce4f0ff4ca57c6d92179dba18fd2631805ba68275e205558e637ec5e	-	ol10_aarch64_appstream
	libpng-1.6.40-8.el10_1.1.src.rpm	6d965eb4ce4f0ff4ca57c6d92179dba18fd2631805ba68275e205558e637ec5e	-	ol10_aarch64_baseos_latest
	libpng-1.6.40-8.el10_1.1.src.rpm	6d965eb4ce4f0ff4ca57c6d92179dba18fd2631805ba68275e205558e637ec5e	-	ol10_aarch64_u1_baseos_patch
	libpng-1.6.40-8.el10_1.1.aarch64.rpm	667abc75b03649926b94741e74721832e7f29a5471e594e439603d8f5f8cb681	-	ol10_aarch64_baseos_latest
	libpng-1.6.40-8.el10_1.1.aarch64.rpm	667abc75b03649926b94741e74721832e7f29a5471e594e439603d8f5f8cb681	-	ol10_aarch64_u1_baseos_patch
	libpng-devel-1.6.40-8.el10_1.1.aarch64.rpm	8a329619c1014cca768efca898f7ddcc4d2b47c8125146ebe8a4d71a8cb627d5	-	ol10_aarch64_appstream

Oracle Linux 10 (x86_64)	libpng-1.6.40-8.el10_1.1.src.rpm	6d965eb4ce4f0ff4ca57c6d92179dba18fd2631805ba68275e205558e637ec5e	-	ol10_x86_64_appstream
	libpng-1.6.40-8.el10_1.1.src.rpm	6d965eb4ce4f0ff4ca57c6d92179dba18fd2631805ba68275e205558e637ec5e	-	ol10_x86_64_baseos_latest
	libpng-1.6.40-8.el10_1.1.src.rpm	6d965eb4ce4f0ff4ca57c6d92179dba18fd2631805ba68275e205558e637ec5e	-	ol10_x86_64_u1_baseos_patch
	libpng-1.6.40-8.el10_1.1.x86_64.rpm	c8c5d571344a590f1e4d612ce20bde651b768fbc38480d6e8288d0904ffb7dc9	-	ol10_x86_64_baseos_latest
	libpng-1.6.40-8.el10_1.1.x86_64.rpm	c8c5d571344a590f1e4d612ce20bde651b768fbc38480d6e8288d0904ffb7dc9	-	ol10_x86_64_u1_baseos_patch
	libpng-devel-1.6.40-8.el10_1.1.x86_64.rpm	20ff46faf991476f833040149e8c93a45b8bee2c210d3b01289e6ef9960c359a	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691