红帽产品勘误 RHSA-2026:4729 - Security Advisory
发布:
2026-03-17
已更新:
2026-03-17

RHSA-2026:4729 - Security Advisory

概述

Important: libpng security update

类型/严重性

Security Advisory: Important

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

  • libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
  • libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
  • libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

修复

  • BZ - 2428824 - CVE-2026-22801 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API
  • BZ - 2428825 - CVE-2026-22695 libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read
  • BZ - 2438542 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
libpng-1.6.34-8.el8_8.2.src.rpm SHA-256: 5718aac5540110530bb2e332e45aa56b1c6df99b7b81ff85abf4b16fa84b3300
x86_64
libpng-1.6.34-8.el8_8.2.i686.rpm SHA-256: cbd1155fe59f871f748ec54630f97610696904505a064daa655988890dc7a296
libpng-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: ca2b57c262bfe2ae850770e41ea62c5dd4bd403bcf2a0a032537a4f3845f2852
libpng-debuginfo-1.6.34-8.el8_8.2.i686.rpm SHA-256: ed0071005587b7fcc29d328fa7ae70b6f6be30484c91ccda4790429c7d4f8e2d
libpng-debuginfo-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: 7c1f677a750f81e805a9c99258247751485b5131fb29e00205c1c1b5472d61a9
libpng-debugsource-1.6.34-8.el8_8.2.i686.rpm SHA-256: 98ca2b46a546c7916c48d1e4b1dba4e9aeda918c9562c20c9d4f4db5b3b9cc7e
libpng-debugsource-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: a84168c003870e4f26670c59c47d598e5624340a430472af73daabe1a2c3da06
libpng-devel-1.6.34-8.el8_8.2.i686.rpm SHA-256: 7dea0fdc0dbe9374c3029178c0c26f2b7a7776e47c4014af2174bd7610486cda
libpng-devel-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: 1aab388fae17323a11b7c204edb85a8fb48b85c64192e884dc3278a8a679607f
libpng-devel-debuginfo-1.6.34-8.el8_8.2.i686.rpm SHA-256: 2ba708ccac111868b867791239788a1c10e6977ee58bed0807f70102910b73e1
libpng-devel-debuginfo-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: 5f5af011c62e4572a6d406d75eb5b0b735d7e5402fd84b83f198c02d203b2271
libpng-tools-debuginfo-1.6.34-8.el8_8.2.i686.rpm SHA-256: b8882966b8e08d7335642f17c4861d02d498cebf8509d290ae4b8608265081a6
libpng-tools-debuginfo-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: d58cdb4425674ed6740ef4ba0927a5347b52f724c3aa1f36d04074393347538c

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
libpng-1.6.34-8.el8_8.2.src.rpm SHA-256: 5718aac5540110530bb2e332e45aa56b1c6df99b7b81ff85abf4b16fa84b3300
x86_64
libpng-1.6.34-8.el8_8.2.i686.rpm SHA-256: cbd1155fe59f871f748ec54630f97610696904505a064daa655988890dc7a296
libpng-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: ca2b57c262bfe2ae850770e41ea62c5dd4bd403bcf2a0a032537a4f3845f2852
libpng-debuginfo-1.6.34-8.el8_8.2.i686.rpm SHA-256: ed0071005587b7fcc29d328fa7ae70b6f6be30484c91ccda4790429c7d4f8e2d
libpng-debuginfo-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: 7c1f677a750f81e805a9c99258247751485b5131fb29e00205c1c1b5472d61a9
libpng-debugsource-1.6.34-8.el8_8.2.i686.rpm SHA-256: 98ca2b46a546c7916c48d1e4b1dba4e9aeda918c9562c20c9d4f4db5b3b9cc7e
libpng-debugsource-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: a84168c003870e4f26670c59c47d598e5624340a430472af73daabe1a2c3da06
libpng-devel-1.6.34-8.el8_8.2.i686.rpm SHA-256: 7dea0fdc0dbe9374c3029178c0c26f2b7a7776e47c4014af2174bd7610486cda
libpng-devel-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: 1aab388fae17323a11b7c204edb85a8fb48b85c64192e884dc3278a8a679607f
libpng-devel-debuginfo-1.6.34-8.el8_8.2.i686.rpm SHA-256: 2ba708ccac111868b867791239788a1c10e6977ee58bed0807f70102910b73e1
libpng-devel-debuginfo-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: 5f5af011c62e4572a6d406d75eb5b0b735d7e5402fd84b83f198c02d203b2271
libpng-tools-debuginfo-1.6.34-8.el8_8.2.i686.rpm SHA-256: b8882966b8e08d7335642f17c4861d02d498cebf8509d290ae4b8608265081a6
libpng-tools-debuginfo-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: d58cdb4425674ed6740ef4ba0927a5347b52f724c3aa1f36d04074393347538c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
libpng-1.6.34-8.el8_8.2.src.rpm SHA-256: 5718aac5540110530bb2e332e45aa56b1c6df99b7b81ff85abf4b16fa84b3300
ppc64le
libpng-1.6.34-8.el8_8.2.ppc64le.rpm SHA-256: a2082e5c55941a8336bc4199697be80dd8e48546d19795e4ce262f6f9ee083a9
libpng-debuginfo-1.6.34-8.el8_8.2.ppc64le.rpm SHA-256: c54930211077c780c362f7dcae3b8abaf6775423d4c7d7807ca3cd6670e641ec
libpng-debugsource-1.6.34-8.el8_8.2.ppc64le.rpm SHA-256: 38176e657875953aaecd20b84fa4976402311e7dff95540ae36426fe85d63a91
libpng-devel-1.6.34-8.el8_8.2.ppc64le.rpm SHA-256: 4b301be0ad13c9c6f4f412fb278391338d47a208997d86b30cb7947cb68d8be0
libpng-devel-debuginfo-1.6.34-8.el8_8.2.ppc64le.rpm SHA-256: c310183e19087b23c805492f1f5388806ff3e225e003386a6514049ff4f4d0c7
libpng-tools-debuginfo-1.6.34-8.el8_8.2.ppc64le.rpm SHA-256: db43db92a03cd76e35c404fdcb443ec7fcf7adb736ad19e67e79cafb9b35f8cf

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
libpng-1.6.34-8.el8_8.2.src.rpm SHA-256: 5718aac5540110530bb2e332e45aa56b1c6df99b7b81ff85abf4b16fa84b3300
x86_64
libpng-1.6.34-8.el8_8.2.i686.rpm SHA-256: cbd1155fe59f871f748ec54630f97610696904505a064daa655988890dc7a296
libpng-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: ca2b57c262bfe2ae850770e41ea62c5dd4bd403bcf2a0a032537a4f3845f2852
libpng-debuginfo-1.6.34-8.el8_8.2.i686.rpm SHA-256: ed0071005587b7fcc29d328fa7ae70b6f6be30484c91ccda4790429c7d4f8e2d
libpng-debuginfo-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: 7c1f677a750f81e805a9c99258247751485b5131fb29e00205c1c1b5472d61a9
libpng-debugsource-1.6.34-8.el8_8.2.i686.rpm SHA-256: 98ca2b46a546c7916c48d1e4b1dba4e9aeda918c9562c20c9d4f4db5b3b9cc7e
libpng-debugsource-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: a84168c003870e4f26670c59c47d598e5624340a430472af73daabe1a2c3da06
libpng-devel-1.6.34-8.el8_8.2.i686.rpm SHA-256: 7dea0fdc0dbe9374c3029178c0c26f2b7a7776e47c4014af2174bd7610486cda
libpng-devel-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: 1aab388fae17323a11b7c204edb85a8fb48b85c64192e884dc3278a8a679607f
libpng-devel-debuginfo-1.6.34-8.el8_8.2.i686.rpm SHA-256: 2ba708ccac111868b867791239788a1c10e6977ee58bed0807f70102910b73e1
libpng-devel-debuginfo-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: 5f5af011c62e4572a6d406d75eb5b0b735d7e5402fd84b83f198c02d203b2271
libpng-tools-debuginfo-1.6.34-8.el8_8.2.i686.rpm SHA-256: b8882966b8e08d7335642f17c4861d02d498cebf8509d290ae4b8608265081a6
libpng-tools-debuginfo-1.6.34-8.el8_8.2.x86_64.rpm SHA-256: d58cdb4425674ed6740ef4ba0927a5347b52f724c3aa1f36d04074393347538c

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/