Issued:: 2026-04-02
Updated:: 2026-04-02

RHSA-2026:6466 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libpng15 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libpng15 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.

Security Fix(es):

libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2438542 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize

CVEs

CVE-2026-25646

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
libpng15-1.5.30-7.el8_2.1.src.rpm	SHA-256: b23ed7f886532bc9bb1023e5b2bea0647b0db1d8fd284e7a1d432d045b1b374c
x86_64
libpng15-1.5.30-7.el8_2.1.i686.rpm	SHA-256: eff6af286f9d567b83863093a6bf202a0642e74f36a16c24771ae0cdeb097733
libpng15-1.5.30-7.el8_2.1.x86_64.rpm	SHA-256: 74d01ce8e9f1cffea471de1edbf701abaff849ab928e58751d2f74dfbcfea43e
libpng15-debuginfo-1.5.30-7.el8_2.1.i686.rpm	SHA-256: 408de0c5ba098da74c0a99598af20d66d33654ce121d0cc560ab46ee9a84081f
libpng15-debuginfo-1.5.30-7.el8_2.1.x86_64.rpm	SHA-256: b925e55c1c35e6089f68e968d92e8241bfddabd7711a644872a08ccad27f24f7
libpng15-debugsource-1.5.30-7.el8_2.1.i686.rpm	SHA-256: 522c6bfee85708656431b718fbcfe6bbc5c814c8521e57501e1e5d45af3273f3
libpng15-debugsource-1.5.30-7.el8_2.1.x86_64.rpm	SHA-256: 5d58ac7c96dd3962db662e63140c0c514606516f158c86c988713ce4bf05ca47

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation