Red Hat Product Errata RHSA-2026:4730 - Security Advisory
Issued:
2026-03-17
Updated:
2026-03-17

RHSA-2026:4730 - Security Advisory

Synopsis

Important: libpng security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libpng is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

  • libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
  • libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
  • libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2428824 - CVE-2026-22801 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API
  • BZ - 2428825 - CVE-2026-22695 libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read
  • BZ - 2438542 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6

SRPM
libpng-1.6.34-8.el8_6.2.src.rpm SHA-256: c60cd5b41ccee04a430b0a1f89f0afa5bc5faba64c3799f0386e6c3c8bfedcb8
x86_64
libpng-1.6.34-8.el8_6.2.i686.rpm SHA-256: bc79447c4e07dc279f809f68d3be09af89f78a80b138c4d6633ee62936747529
libpng-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 953c33befa29e40f0369159b0574810e61992c71f49227d13a1a2510516a1bd5
libpng-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: e0e17f25fdc38644742073ec1884136b0da3433984ae5bca192ac16721574227
libpng-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: f89cea020bd63083374d5ef51e0e2cfcdcd0adb5f98e1f9030144a1bd0d99fb7
libpng-debugsource-1.6.34-8.el8_6.2.i686.rpm SHA-256: c43afaabe8838bb9e25ded743a396bfd2fa5d32f01dc35613efa088f98c8a1b4
libpng-debugsource-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 5363f73f6356c298e314c45ce41237f4feb4b5d7ba4873c20bc7f37d9f325caf
libpng-devel-1.6.34-8.el8_6.2.i686.rpm SHA-256: abb6461a89a665888e81262b30567e227a475a5d36775595c67a748a240c77f4
libpng-devel-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 53cbd7e785789ef083927f6803f0dc1f377d5ed0757c8d802ab9f5c28c4ac5b6
libpng-devel-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: 8a24e728f5007abb48fe7434ab547ca9e0c2c04ddbb0260f5980eabb44f552b5
libpng-devel-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 9044392760904987444dc43e8699a0cd492cec4d377ba5e77fd44578615848cc
libpng-tools-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: f060b6eeec3921299d53af7c0ce07e2c2fc9b96b73d4ca1e312fb0a42fc95377
libpng-tools-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 5d466dc25794eefb41fc16155c1fdd048c6086dfcbbc783daa205ec39764bde6

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
libpng-1.6.34-8.el8_6.2.src.rpm SHA-256: c60cd5b41ccee04a430b0a1f89f0afa5bc5faba64c3799f0386e6c3c8bfedcb8
x86_64
libpng-1.6.34-8.el8_6.2.i686.rpm SHA-256: bc79447c4e07dc279f809f68d3be09af89f78a80b138c4d6633ee62936747529
libpng-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 953c33befa29e40f0369159b0574810e61992c71f49227d13a1a2510516a1bd5
libpng-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: e0e17f25fdc38644742073ec1884136b0da3433984ae5bca192ac16721574227
libpng-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: f89cea020bd63083374d5ef51e0e2cfcdcd0adb5f98e1f9030144a1bd0d99fb7
libpng-debugsource-1.6.34-8.el8_6.2.i686.rpm SHA-256: c43afaabe8838bb9e25ded743a396bfd2fa5d32f01dc35613efa088f98c8a1b4
libpng-debugsource-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 5363f73f6356c298e314c45ce41237f4feb4b5d7ba4873c20bc7f37d9f325caf
libpng-devel-1.6.34-8.el8_6.2.i686.rpm SHA-256: abb6461a89a665888e81262b30567e227a475a5d36775595c67a748a240c77f4
libpng-devel-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 53cbd7e785789ef083927f6803f0dc1f377d5ed0757c8d802ab9f5c28c4ac5b6
libpng-devel-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: 8a24e728f5007abb48fe7434ab547ca9e0c2c04ddbb0260f5980eabb44f552b5
libpng-devel-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 9044392760904987444dc43e8699a0cd492cec4d377ba5e77fd44578615848cc
libpng-tools-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: f060b6eeec3921299d53af7c0ce07e2c2fc9b96b73d4ca1e312fb0a42fc95377
libpng-tools-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 5d466dc25794eefb41fc16155c1fdd048c6086dfcbbc783daa205ec39764bde6

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
libpng-1.6.34-8.el8_6.2.src.rpm SHA-256: c60cd5b41ccee04a430b0a1f89f0afa5bc5faba64c3799f0386e6c3c8bfedcb8
x86_64
libpng-1.6.34-8.el8_6.2.i686.rpm SHA-256: bc79447c4e07dc279f809f68d3be09af89f78a80b138c4d6633ee62936747529
libpng-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 953c33befa29e40f0369159b0574810e61992c71f49227d13a1a2510516a1bd5
libpng-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: e0e17f25fdc38644742073ec1884136b0da3433984ae5bca192ac16721574227
libpng-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: f89cea020bd63083374d5ef51e0e2cfcdcd0adb5f98e1f9030144a1bd0d99fb7
libpng-debugsource-1.6.34-8.el8_6.2.i686.rpm SHA-256: c43afaabe8838bb9e25ded743a396bfd2fa5d32f01dc35613efa088f98c8a1b4
libpng-debugsource-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 5363f73f6356c298e314c45ce41237f4feb4b5d7ba4873c20bc7f37d9f325caf
libpng-devel-1.6.34-8.el8_6.2.i686.rpm SHA-256: abb6461a89a665888e81262b30567e227a475a5d36775595c67a748a240c77f4
libpng-devel-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 53cbd7e785789ef083927f6803f0dc1f377d5ed0757c8d802ab9f5c28c4ac5b6
libpng-devel-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: 8a24e728f5007abb48fe7434ab547ca9e0c2c04ddbb0260f5980eabb44f552b5
libpng-devel-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 9044392760904987444dc43e8699a0cd492cec4d377ba5e77fd44578615848cc
libpng-tools-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: f060b6eeec3921299d53af7c0ce07e2c2fc9b96b73d4ca1e312fb0a42fc95377
libpng-tools-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 5d466dc25794eefb41fc16155c1fdd048c6086dfcbbc783daa205ec39764bde6

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
libpng-1.6.34-8.el8_6.2.src.rpm SHA-256: c60cd5b41ccee04a430b0a1f89f0afa5bc5faba64c3799f0386e6c3c8bfedcb8
ppc64le
libpng-1.6.34-8.el8_6.2.ppc64le.rpm SHA-256: 1e43644dd80c16bd96bb6eac81721a828a51d527b856ab6113f8fdfb22e70a78
libpng-debuginfo-1.6.34-8.el8_6.2.ppc64le.rpm SHA-256: dc384f42029b6b2cf0558b634dbc1868503de4fbcdbd4a5e52263043521dac90
libpng-debugsource-1.6.34-8.el8_6.2.ppc64le.rpm SHA-256: e7e5d6a27ef1652679bce91e30c9a12713de22c895d3fe30e079e2fd86565978
libpng-devel-1.6.34-8.el8_6.2.ppc64le.rpm SHA-256: b2c189edb610842f8a239a7a1bae4c25c5cb65bf9854ba658d0299a5d5f24682
libpng-devel-debuginfo-1.6.34-8.el8_6.2.ppc64le.rpm SHA-256: af578f666ad28185fb83ce4ba5b7174856681ba07769259ca37e3f812cc1ef78
libpng-tools-debuginfo-1.6.34-8.el8_6.2.ppc64le.rpm SHA-256: 7eec0b242fa637fd68c51284ddd096bf1d3218050f52c3af621eaf5dae355806

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
libpng-1.6.34-8.el8_6.2.src.rpm SHA-256: c60cd5b41ccee04a430b0a1f89f0afa5bc5faba64c3799f0386e6c3c8bfedcb8
x86_64
libpng-1.6.34-8.el8_6.2.i686.rpm SHA-256: bc79447c4e07dc279f809f68d3be09af89f78a80b138c4d6633ee62936747529
libpng-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 953c33befa29e40f0369159b0574810e61992c71f49227d13a1a2510516a1bd5
libpng-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: e0e17f25fdc38644742073ec1884136b0da3433984ae5bca192ac16721574227
libpng-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: f89cea020bd63083374d5ef51e0e2cfcdcd0adb5f98e1f9030144a1bd0d99fb7
libpng-debugsource-1.6.34-8.el8_6.2.i686.rpm SHA-256: c43afaabe8838bb9e25ded743a396bfd2fa5d32f01dc35613efa088f98c8a1b4
libpng-debugsource-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 5363f73f6356c298e314c45ce41237f4feb4b5d7ba4873c20bc7f37d9f325caf
libpng-devel-1.6.34-8.el8_6.2.i686.rpm SHA-256: abb6461a89a665888e81262b30567e227a475a5d36775595c67a748a240c77f4
libpng-devel-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 53cbd7e785789ef083927f6803f0dc1f377d5ed0757c8d802ab9f5c28c4ac5b6
libpng-devel-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: 8a24e728f5007abb48fe7434ab547ca9e0c2c04ddbb0260f5980eabb44f552b5
libpng-devel-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 9044392760904987444dc43e8699a0cd492cec4d377ba5e77fd44578615848cc
libpng-tools-debuginfo-1.6.34-8.el8_6.2.i686.rpm SHA-256: f060b6eeec3921299d53af7c0ce07e2c2fc9b96b73d4ca1e312fb0a42fc95377
libpng-tools-debuginfo-1.6.34-8.el8_6.2.x86_64.rpm SHA-256: 5d466dc25794eefb41fc16155c1fdd048c6086dfcbbc783daa205ec39764bde6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.