红帽产品勘误 RHSA-2026:0238 - Security Advisory
发布:
2026-01-07
已更新:
2026-01-07

RHSA-2026:0238 - Security Advisory

概述

Important: libpng security update

类型/严重性

Security Advisory: Important

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for libpng is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

  • libpng: LIBPNG buffer overflow (CVE-2025-64720)
  • libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
  • libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

修复

  • BZ - 2416904 - CVE-2025-64720 libpng: LIBPNG buffer overflow
  • BZ - 2416907 - CVE-2025-65018 libpng: LIBPNG heap buffer overflow
  • BZ - 2418711 - CVE-2025-66293 libpng: LIBPNG out-of-bounds read in png_image_read_composite

Red Hat Enterprise Linux for x86_64 9

SRPM
libpng-1.6.37-12.el9_7.1.src.rpm SHA-256: 763cbd35ca25fe40a68b47306bcfc1291d8fac92a1c20441dcc159edf689242a
x86_64
libpng-1.6.37-12.el9_7.1.i686.rpm SHA-256: 9e53447de83601f3fc6adfe45df8d0c6662985959fdf67a2e776d2fcc58965e1
libpng-1.6.37-12.el9_7.1.x86_64.rpm SHA-256: 561f20f3e8863ba83d1b67ea6e6f2724b82bd6d1393e0d3bb93f9409f3a0c40d
libpng-debuginfo-1.6.37-12.el9_7.1.i686.rpm SHA-256: b18c91246ea26b982a414dd878d07f3ea3136be79f643cf78c3d48c2574754b0
libpng-debuginfo-1.6.37-12.el9_7.1.i686.rpm SHA-256: b18c91246ea26b982a414dd878d07f3ea3136be79f643cf78c3d48c2574754b0
libpng-debuginfo-1.6.37-12.el9_7.1.x86_64.rpm SHA-256: db9fa8de98a663e4cceaebdaf72547a41c284570c1897e4eda70acce0706d0f4
libpng-debuginfo-1.6.37-12.el9_7.1.x86_64.rpm SHA-256: db9fa8de98a663e4cceaebdaf72547a41c284570c1897e4eda70acce0706d0f4
libpng-debugsource-1.6.37-12.el9_7.1.i686.rpm SHA-256: 1c28254240435dca0f76dc66d89246a75776be7bb0093f9a3aa95053160c67d0
libpng-debugsource-1.6.37-12.el9_7.1.i686.rpm SHA-256: 1c28254240435dca0f76dc66d89246a75776be7bb0093f9a3aa95053160c67d0
libpng-debugsource-1.6.37-12.el9_7.1.x86_64.rpm SHA-256: 7c465a80cb205de2dcb4b282075fb53aa2d0e48b663070f29427a494fd338b05
libpng-debugsource-1.6.37-12.el9_7.1.x86_64.rpm SHA-256: 7c465a80cb205de2dcb4b282075fb53aa2d0e48b663070f29427a494fd338b05
libpng-devel-1.6.37-12.el9_7.1.i686.rpm SHA-256: 79638cb963d9e1614be37461350b291b8a2d8f5387fea7bb8e62c8b3d1aba14c
libpng-devel-1.6.37-12.el9_7.1.x86_64.rpm SHA-256: 1b9fa642186c58a882724e41bdb1b33adf058ce1eaaa686283a936550fbb9862
libpng-devel-debuginfo-1.6.37-12.el9_7.1.i686.rpm SHA-256: 7e25c2c76ca41b6a7e2c4bfaee2778d7f0afd8ac718902b91d44681f926af466
libpng-devel-debuginfo-1.6.37-12.el9_7.1.i686.rpm SHA-256: 7e25c2c76ca41b6a7e2c4bfaee2778d7f0afd8ac718902b91d44681f926af466
libpng-devel-debuginfo-1.6.37-12.el9_7.1.x86_64.rpm SHA-256: cb948f4f47e1ac25faaf985e0d3b0d474e9e830b9452b544bfe217615ac27793
libpng-devel-debuginfo-1.6.37-12.el9_7.1.x86_64.rpm SHA-256: cb948f4f47e1ac25faaf985e0d3b0d474e9e830b9452b544bfe217615ac27793
libpng-tools-debuginfo-1.6.37-12.el9_7.1.i686.rpm SHA-256: 48ce3c70ee285d3a007645058b58b01f79f6bcd9ebdb56124536dde5b43c0962
libpng-tools-debuginfo-1.6.37-12.el9_7.1.i686.rpm SHA-256: 48ce3c70ee285d3a007645058b58b01f79f6bcd9ebdb56124536dde5b43c0962
libpng-tools-debuginfo-1.6.37-12.el9_7.1.x86_64.rpm SHA-256: 01f8c81c2614823ca0bd4456cdcdfbedafea64f42dedd7198c3b16581a3c54c0
libpng-tools-debuginfo-1.6.37-12.el9_7.1.x86_64.rpm SHA-256: 01f8c81c2614823ca0bd4456cdcdfbedafea64f42dedd7198c3b16581a3c54c0

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
s390x
libpng-1.6.37-12.el9_7.1.s390x.rpm SHA-256: 22d387293102e16a084cc8c3132280be9a427e873e0548fadf85bf0cae7c0b3e
libpng-debuginfo-1.6.37-12.el9_7.1.s390x.rpm SHA-256: 2cca6728c360441f945994a5f51ea1b78fe9f8d20773af455db2a90ca0efe218
libpng-debugsource-1.6.37-12.el9_7.1.s390x.rpm SHA-256: 15c2868bc7ba3800545c0effc8858b6e8ee95ec2bf44201c5b2932b832d66d24
libpng-devel-1.6.37-12.el9_7.1.s390x.rpm SHA-256: 24218d03b9448fd727b677a88f7e6318406c2435813abaacd6f77cce6dd6eea8
libpng-devel-debuginfo-1.6.37-12.el9_7.1.s390x.rpm SHA-256: 46ed2b757599f30cdf4348f1aa906bee844f25b513af16c052d435403bc1998a
libpng-tools-debuginfo-1.6.37-12.el9_7.1.s390x.rpm SHA-256: 1c9cafa4dcad2141ee6b7e4fe3b10e0876cee8c4aadc6ce5f56de87f566cb0d7

Red Hat Enterprise Linux for Power, little endian 9

SRPM
libpng-1.6.37-12.el9_7.1.src.rpm SHA-256: 763cbd35ca25fe40a68b47306bcfc1291d8fac92a1c20441dcc159edf689242a
ppc64le
libpng-1.6.37-12.el9_7.1.ppc64le.rpm SHA-256: 6bfe311c47c91efb9ffb5e92182bfad2f4676ea83f83c28f5f1eddcdcc39821b
libpng-debuginfo-1.6.37-12.el9_7.1.ppc64le.rpm SHA-256: b03a1b64d6511e36aa5e783f21801d1d4265e170e1f209609ae52550855311cc
libpng-debuginfo-1.6.37-12.el9_7.1.ppc64le.rpm SHA-256: b03a1b64d6511e36aa5e783f21801d1d4265e170e1f209609ae52550855311cc
libpng-debugsource-1.6.37-12.el9_7.1.ppc64le.rpm SHA-256: 6987e2c370db5eaffb8dbc7798411101d6b0bb81a82b65fb3301749ec00f0aff
libpng-debugsource-1.6.37-12.el9_7.1.ppc64le.rpm SHA-256: 6987e2c370db5eaffb8dbc7798411101d6b0bb81a82b65fb3301749ec00f0aff
libpng-devel-1.6.37-12.el9_7.1.ppc64le.rpm SHA-256: 4c3ed8c2e5db6e9da35f25972b70debac58374862770bcad49a13ca7b4baefb3
libpng-devel-debuginfo-1.6.37-12.el9_7.1.ppc64le.rpm SHA-256: ed8546669c3a5f84bfcc4bfe985993ada4d36504eda21a2a0c7b5d86eceae15d
libpng-devel-debuginfo-1.6.37-12.el9_7.1.ppc64le.rpm SHA-256: ed8546669c3a5f84bfcc4bfe985993ada4d36504eda21a2a0c7b5d86eceae15d
libpng-tools-debuginfo-1.6.37-12.el9_7.1.ppc64le.rpm SHA-256: 1c0c042a41a4573db89f6f5682e3c6673d7ad1dcf37e2477e7fbc87af94b287a
libpng-tools-debuginfo-1.6.37-12.el9_7.1.ppc64le.rpm SHA-256: 1c0c042a41a4573db89f6f5682e3c6673d7ad1dcf37e2477e7fbc87af94b287a

Red Hat Enterprise Linux for ARM 64 9

SRPM
libpng-1.6.37-12.el9_7.1.src.rpm SHA-256: 763cbd35ca25fe40a68b47306bcfc1291d8fac92a1c20441dcc159edf689242a
aarch64
libpng-1.6.37-12.el9_7.1.aarch64.rpm SHA-256: 9919178645dcf43485737340d25dd4c51942468a36a16151c035e9a319aaf20d
libpng-debuginfo-1.6.37-12.el9_7.1.aarch64.rpm SHA-256: 6622c08ace9aeb57455b377f4c86c4a3f63c8bc80a5bf3da795d892e448eeac4
libpng-debuginfo-1.6.37-12.el9_7.1.aarch64.rpm SHA-256: 6622c08ace9aeb57455b377f4c86c4a3f63c8bc80a5bf3da795d892e448eeac4
libpng-debugsource-1.6.37-12.el9_7.1.aarch64.rpm SHA-256: 6ae489e6966227863800032ee83e7bcbe6ef2aac2e161f7ca2d2766db689bba1
libpng-debugsource-1.6.37-12.el9_7.1.aarch64.rpm SHA-256: 6ae489e6966227863800032ee83e7bcbe6ef2aac2e161f7ca2d2766db689bba1
libpng-devel-1.6.37-12.el9_7.1.aarch64.rpm SHA-256: 99e9efaa2d5e579088c84f6a643ace76b77e0af300645062e2d973c0bd5dd0e9
libpng-devel-debuginfo-1.6.37-12.el9_7.1.aarch64.rpm SHA-256: dc3dd43272dedad5ff222aaf65154a6cf5c2045fb0336dcb064cefe73cddce4f
libpng-devel-debuginfo-1.6.37-12.el9_7.1.aarch64.rpm SHA-256: dc3dd43272dedad5ff222aaf65154a6cf5c2045fb0336dcb064cefe73cddce4f
libpng-tools-debuginfo-1.6.37-12.el9_7.1.aarch64.rpm SHA-256: 330dbc6d94554a5a48a47a0c5a4d787449c7fa6e3b6e7008b01faa3292c8af7c
libpng-tools-debuginfo-1.6.37-12.el9_7.1.aarch64.rpm SHA-256: 330dbc6d94554a5a48a47a0c5a4d787449c7fa6e3b6e7008b01faa3292c8af7c

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/