Red Hat Product Errata RHSA-2026:7032 - Security Advisory
Issued:
2026-04-08
Updated:
2026-04-08

RHSA-2026:7032 - Security Advisory

Synopsis

Important: libpng12 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libpng12 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libpng12 package provides libpng 1.2, which is the previous version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used in case that it is not possible to use the current version of libpng.

Security Fix(es):

  • libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 2438542 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
libpng12-1.2.50-10.el7_9.1.src.rpm SHA-256: 6dbc2d0f253f0c679bc19d2d2c5d4543dc3a070e62659b8420e4d8a9d27cecbd
x86_64
libpng12-1.2.50-10.el7_9.1.i686.rpm SHA-256: bff286b374dcfc13e82ed0bdb20382d3068819af9565040d75c946f1792ee120
libpng12-1.2.50-10.el7_9.1.x86_64.rpm SHA-256: d6fbf51e6642eb2a5c4cd5f1c76fe63a610939865ddfdbd76ec94cf3ef976257
libpng12-debuginfo-1.2.50-10.el7_9.1.i686.rpm SHA-256: 15ec6846ed97f501475d56f8bdbcf91f71bbeaefc44ccbfc32a1baae641b4e71
libpng12-debuginfo-1.2.50-10.el7_9.1.i686.rpm SHA-256: 15ec6846ed97f501475d56f8bdbcf91f71bbeaefc44ccbfc32a1baae641b4e71
libpng12-debuginfo-1.2.50-10.el7_9.1.x86_64.rpm SHA-256: 230ee5898262712f48d7e097cd6ee7ef4a375d17fbf7bdf5a7706b5cf5cb15ee
libpng12-debuginfo-1.2.50-10.el7_9.1.x86_64.rpm SHA-256: 230ee5898262712f48d7e097cd6ee7ef4a375d17fbf7bdf5a7706b5cf5cb15ee
libpng12-devel-1.2.50-10.el7_9.1.i686.rpm SHA-256: 67a537ad0f81669238e6492125dd54ef1df1b4bd2c3b1bc2b4a661f12b6acee9
libpng12-devel-1.2.50-10.el7_9.1.x86_64.rpm SHA-256: 4dd470ff2da86e773b0875838b13a623f74cf9d7054d3f28bfe923d1cb2f95eb

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
libpng12-1.2.50-10.el7_9.1.src.rpm SHA-256: 6dbc2d0f253f0c679bc19d2d2c5d4543dc3a070e62659b8420e4d8a9d27cecbd
s390x
libpng12-1.2.50-10.el7_9.1.s390.rpm SHA-256: 39c3688fa39e7cd9314a77cfa3d3bb0a6a22185f5d829be7439447bfd4e67334
libpng12-1.2.50-10.el7_9.1.s390x.rpm SHA-256: 1e5d80f42762b510433e88e4e5142345476a8021268777ade46e96bc27d3930c
libpng12-debuginfo-1.2.50-10.el7_9.1.s390.rpm SHA-256: d29d897959358f1a738e5c52e16dbc1574fed3d6fc244ac1389c7208ef34c1d3
libpng12-debuginfo-1.2.50-10.el7_9.1.s390.rpm SHA-256: d29d897959358f1a738e5c52e16dbc1574fed3d6fc244ac1389c7208ef34c1d3
libpng12-debuginfo-1.2.50-10.el7_9.1.s390x.rpm SHA-256: ecc4ebeac876f3835033eb86f6660c00892a7593d40de53a070504d230a32d81
libpng12-debuginfo-1.2.50-10.el7_9.1.s390x.rpm SHA-256: ecc4ebeac876f3835033eb86f6660c00892a7593d40de53a070504d230a32d81
libpng12-devel-1.2.50-10.el7_9.1.s390.rpm SHA-256: 577468895cb67fe348b02dc954d7af34b721cb5d0ed79df413af3f26802052d9
libpng12-devel-1.2.50-10.el7_9.1.s390x.rpm SHA-256: ab78b6ffdf21cdebec039bbf5914cecb57a55bb2f9c20b81c2498e3641bb525d

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
libpng12-1.2.50-10.el7_9.1.src.rpm SHA-256: 6dbc2d0f253f0c679bc19d2d2c5d4543dc3a070e62659b8420e4d8a9d27cecbd
ppc64
libpng12-1.2.50-10.el7_9.1.ppc.rpm SHA-256: 4e93227ee10c3184d7a4d2f42f5b4b8d5bb71038da94715c0158b4da28fb9da1
libpng12-1.2.50-10.el7_9.1.ppc64.rpm SHA-256: ccf694bde9548c77486fa86a36632f351c8b0228ab58711401e6c51fbf8460e9
libpng12-debuginfo-1.2.50-10.el7_9.1.ppc.rpm SHA-256: 087d849eaa1ea33b44ce8081b926279334191de2aa3a66a2b761b5045e1dd927
libpng12-debuginfo-1.2.50-10.el7_9.1.ppc.rpm SHA-256: 087d849eaa1ea33b44ce8081b926279334191de2aa3a66a2b761b5045e1dd927
libpng12-debuginfo-1.2.50-10.el7_9.1.ppc64.rpm SHA-256: 02021dd812a48e5e0b6e594828f677d3548e45889cf78b5a82e2cce9cad9110b
libpng12-debuginfo-1.2.50-10.el7_9.1.ppc64.rpm SHA-256: 02021dd812a48e5e0b6e594828f677d3548e45889cf78b5a82e2cce9cad9110b
libpng12-devel-1.2.50-10.el7_9.1.ppc.rpm SHA-256: f8486ad2e08450e68a3247ea142a2339235cc48680c699fb6b461f4028c5cc21
libpng12-devel-1.2.50-10.el7_9.1.ppc64.rpm SHA-256: 0a58bab3074a8f5d1b99fcb0bc137efd90cf511cea9164a8b07cffce5882f347

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
libpng12-1.2.50-10.el7_9.1.src.rpm SHA-256: 6dbc2d0f253f0c679bc19d2d2c5d4543dc3a070e62659b8420e4d8a9d27cecbd
ppc64le
libpng12-1.2.50-10.el7_9.1.ppc64le.rpm SHA-256: da626c580684d7cd2d2a00295c4ff472ee0e45ffbc12af742d13a6874ca97343
libpng12-debuginfo-1.2.50-10.el7_9.1.ppc64le.rpm SHA-256: 2cec867cec1bdd9f55cf64c643ab0c18e9b1af2934ba83b30d0d67fe79e285ef
libpng12-debuginfo-1.2.50-10.el7_9.1.ppc64le.rpm SHA-256: 2cec867cec1bdd9f55cf64c643ab0c18e9b1af2934ba83b30d0d67fe79e285ef
libpng12-devel-1.2.50-10.el7_9.1.ppc64le.rpm SHA-256: 789b2c68e15dd096a188e571949b5611606fd0ce30e1accb0626cf4d756c87d5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.