Issued:: 2026-03-11
Updated:: 2026-03-11

RHSA-2026:4306 - Security Advisory

Overview
Updated Packages

Synopsis

Important: mingw-libpng security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mingw-libpng is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MinGW Windows Libpng library.

Security Fix(es):

libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat CodeReady Linux Builder for x86_64 8 x86_64

Fixes

BZ - 2428824 - CVE-2026-22801 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API
BZ - 2428825 - CVE-2026-22695 libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read
BZ - 2438542 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
mingw-libpng-1.6.34-2.el8_10.src.rpm	SHA-256: 4756f0df706476665aef976800fce682ad2850123057ec96b8c5e25d2dca31f3
x86_64
mingw32-libpng-1.6.34-2.el8_10.noarch.rpm	SHA-256: 67336faad297bc4061edf4e747c6d91fd5bd33274cb546e252737be0842a4c30
mingw32-libpng-debuginfo-1.6.34-2.el8_10.noarch.rpm	SHA-256: b5823ceda656100d86848823d2387b88bc271c34af9cdf1583edfa3c85778e69
mingw32-libpng-static-1.6.34-2.el8_10.noarch.rpm	SHA-256: 37f9443236d7a207adf99b3c763d081a2ecf4f21fa469d363a654fe064d3c517
mingw64-libpng-1.6.34-2.el8_10.noarch.rpm	SHA-256: 78ec090aad11615821c95137390869c75fe3a37b7dde25d188575d05ef047355
mingw64-libpng-debuginfo-1.6.34-2.el8_10.noarch.rpm	SHA-256: c25cee1f943138b0513a8fb20222afd893c92beee744004d725d17db27e123b6
mingw64-libpng-static-1.6.34-2.el8_10.noarch.rpm	SHA-256: b9eac0c8091ee4da517b1bcf0430db697d7bdc01c4151447826d84f32a0700c0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation