ELSA-2026-3405

ULN >
Oracle Linux Errata repository >
ELSA-2026-3405

ELSA-2026-3405 - libpng security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-02-26

Description

[2:1.6.37-12.2]
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (RHEL-148970)
- fix CVE-2026-22695: heap buffer over-read in png_image_finish_read (RHEL-148403)
- fix CVE-2026-22801: heap buffer over-read in png_image_write_*bit (RHEL-147343)

Related CVEs

CVE-2026-22695

CVE-2026-22801

CVE-2026-25646

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	libpng-1.6.37-12.el9_7.2.src.rpm	6a201dc7e2d3d68448d861979381c3d74a7c4095e4bf19a5077c59257300385f	-	ol9_aarch64_appstream
	libpng-1.6.37-12.el9_7.2.src.rpm	6a201dc7e2d3d68448d861979381c3d74a7c4095e4bf19a5077c59257300385f	-	ol9_aarch64_baseos_latest
	libpng-1.6.37-12.el9_7.2.src.rpm	6a201dc7e2d3d68448d861979381c3d74a7c4095e4bf19a5077c59257300385f	-	ol9_aarch64_u7_baseos_patch
	libpng-1.6.37-12.el9_7.2.aarch64.rpm	5c9555137b14a0ebe6486cb6abed7d042a49b7330414fe95b1d9196788c42a48	-	ol9_aarch64_baseos_latest
	libpng-1.6.37-12.el9_7.2.aarch64.rpm	5c9555137b14a0ebe6486cb6abed7d042a49b7330414fe95b1d9196788c42a48	-	ol9_aarch64_u7_baseos_patch
	libpng-devel-1.6.37-12.el9_7.2.aarch64.rpm	9f42d63cb083ee8c5c23beea305c5c32ff655e61a66a92b461bd174755de9e64	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	libpng-1.6.37-12.el9_7.2.src.rpm	6a201dc7e2d3d68448d861979381c3d74a7c4095e4bf19a5077c59257300385f	-	ol9_x86_64_appstream
	libpng-1.6.37-12.el9_7.2.src.rpm	6a201dc7e2d3d68448d861979381c3d74a7c4095e4bf19a5077c59257300385f	-	ol9_x86_64_baseos_latest
	libpng-1.6.37-12.el9_7.2.src.rpm	6a201dc7e2d3d68448d861979381c3d74a7c4095e4bf19a5077c59257300385f	-	ol9_x86_64_u7_baseos_patch
	libpng-1.6.37-12.el9_7.2.i686.rpm	32254bb8b7d9d658d84517258fd1fb240dcf54ea470b0ee9813f625d73134193	-	ol9_x86_64_baseos_latest
	libpng-1.6.37-12.el9_7.2.i686.rpm	32254bb8b7d9d658d84517258fd1fb240dcf54ea470b0ee9813f625d73134193	-	ol9_x86_64_u7_baseos_patch
	libpng-1.6.37-12.el9_7.2.x86_64.rpm	409c68b725858c064d2c9d8eb77a6d106a2f44872cab64f561f3cc7f59e97161	-	ol9_x86_64_baseos_latest
	libpng-1.6.37-12.el9_7.2.x86_64.rpm	409c68b725858c064d2c9d8eb77a6d106a2f44872cab64f561f3cc7f59e97161	-	ol9_x86_64_u7_baseos_patch
	libpng-devel-1.6.37-12.el9_7.2.i686.rpm	311478bfd71bcd1e13075ead24158bb0f0441d1499a2e90e0a7fbd291ae1b637	-	ol9_x86_64_appstream
	libpng-devel-1.6.37-12.el9_7.2.x86_64.rpm	d93db0e756993562da8a5df05f031feb6936cdfae9abf872345d6ca1e506fa31	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691