ELSA-2026-3551

ULN >
Oracle Linux Errata repository >
ELSA-2026-3551

ELSA-2026-3551 - libpng security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-03-02

Description

[2:1.6.40-8.2]
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (RHEL-148323)
- fix CVE-2026-22695: heap buffer over-read in png_image_finish_read (RHEL-148818)
- fix CVE-2026-22801: heap buffer over-read in png_image_write_*bit (RHEL-146645)

Related CVEs

CVE-2026-22695

CVE-2026-22801

CVE-2026-25646

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	libpng-1.6.40-8.el10_1.2.src.rpm	c1a90a184ed2c6c5768eddb657530f6733b34eab871723a8ad3dff2b45578117	-	ol10_aarch64_appstream
	libpng-1.6.40-8.el10_1.2.src.rpm	c1a90a184ed2c6c5768eddb657530f6733b34eab871723a8ad3dff2b45578117	-	ol10_aarch64_baseos_latest
	libpng-1.6.40-8.el10_1.2.src.rpm	c1a90a184ed2c6c5768eddb657530f6733b34eab871723a8ad3dff2b45578117	-	ol10_aarch64_u1_baseos_patch
	libpng-1.6.40-8.el10_1.2.aarch64.rpm	167d9a6677f56a8a75c1eed976e08ae1142aad6458eb4d041e8d34f8adfcf8a5	-	ol10_aarch64_baseos_latest
	libpng-1.6.40-8.el10_1.2.aarch64.rpm	167d9a6677f56a8a75c1eed976e08ae1142aad6458eb4d041e8d34f8adfcf8a5	-	ol10_aarch64_u1_baseos_patch
	libpng-devel-1.6.40-8.el10_1.2.aarch64.rpm	88808a0f57c3635e2abbfd5b75f9fb7635c9e9788fad9c9d7acd3fc92f598d78	-	ol10_aarch64_appstream

Oracle Linux 10 (x86_64)	libpng-1.6.40-8.el10_1.2.src.rpm	c1a90a184ed2c6c5768eddb657530f6733b34eab871723a8ad3dff2b45578117	-	ol10_x86_64_appstream
	libpng-1.6.40-8.el10_1.2.src.rpm	c1a90a184ed2c6c5768eddb657530f6733b34eab871723a8ad3dff2b45578117	-	ol10_x86_64_baseos_latest
	libpng-1.6.40-8.el10_1.2.src.rpm	c1a90a184ed2c6c5768eddb657530f6733b34eab871723a8ad3dff2b45578117	-	ol10_x86_64_u1_baseos_patch
	libpng-1.6.40-8.el10_1.2.x86_64.rpm	fa7abe7d8d43636ee00f7b8f55bcda97cebf077bb317a6fcd5dabe1c8c2338de	-	ol10_x86_64_baseos_latest
	libpng-1.6.40-8.el10_1.2.x86_64.rpm	fa7abe7d8d43636ee00f7b8f55bcda97cebf077bb317a6fcd5dabe1c8c2338de	-	ol10_x86_64_u1_baseos_patch
	libpng-devel-1.6.40-8.el10_1.2.x86_64.rpm	52f7082d60cd8c3104dfbb72c3047773ef29bfe6165400b83e608506ac4ca721	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691