Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 11 articles for you...
100
security advisorySuSEarbitrary code executionSUSE 15 SP7 libpng Major Memory Leak Issue SUSE-SU-2026-1718-1
An update that solves three vulnerabilities and contains one feature can now be installed.. # Security update for libpng12 Announcement ID: SUSE-SU-2026:1716-1 Release Date: 2026-05-06T12:11:56Z Rating: important References: * bsc#1141493 * bsc#1260754 * bsc#1261957 * jsc#PED-16191 Cross-References: * CVE-2017-12652 * CVE-2026-33416 * CVE-2026-34757 CVSS scores: * CVE-2017-12652 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2017-12652 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2017-12652 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2017-12652 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2017-12652 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 *SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities and contains one feature can now be installed. ## Description: This update for libpng12 fixes the following issues: Update to version 1.2.59 (jsc#PED-16191). Security issues : * CVE-2017-12652: missing chunk length check can lead to sensitive information disclosure, data corruption or crash (bsc#1141493). * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). * CVE-2026-34757: use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` can lead to corrupted chunk data and potential heap information disclosure (bsc#1261957). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1716=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1716=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1716=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1716=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1716=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1716=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1716=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1716=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1716=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1716=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1716=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libpng12-devel-1.2.59-150000.4.11.1 *libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libpng12-devel-1.2.59-150000.4.11.1 * libpng12-0-debuginfo-1.2.59-150000.4.11.1 * libpng12-0-1.2.59-150000.4.11.1 * libpng12-debugsource-1.2.59-150000.4.11.1 ## References: * https://www.suse.com/security/cve/CVE-2017-12652.html * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-34757.html * https://bugzilla.suse.com/show_bug.cgi?id=1141493 * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1261957 * https://jira.suse.com/browse/PED-16191 . Install SUSE's important libpng12 update that resolves three vulnerabilities and enhances system security.. libpng12 update,SUSE security advisory,important patch,system security advice. . Severity: Important. LinuxSecurity.com Team
May 06, 2026
•Important
SuSE
100
security advisorySuSEcode executionSUSE libpng12 Significant Code Execution Vulnerabilities 2026-1702-1
An update that solves two vulnerabilities and contains one feature can now be installed.. # Security update for libpng12 Announcement ID: SUSE-SU-2026:1702-1 Release Date: 2026-05-06T07:43:00Z Rating: important References: * bsc#1260754 * bsc#1261957 * jsc#PED-16191 Cross-References: * CVE-2026-33416 * CVE-2026-34757 CVSS scores: * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for libpng12 fixes the following issues: Update to version 1.2.59 (jsc#PED-16191). * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). * CVE-2026-34757: use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` can lead to corrupted chunk data and potential heap information disclosure (bsc#1261957). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1702=1 *SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1702=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpng12-0-1.2.59-20.14.1 * libpng12-devel-1.2.59-20.14.1 * libpng12-compat-devel-1.2.59-20.14.1 * libpng12-0-debuginfo-1.2.59-20.14.1 * libpng12-debugsource-1.2.59-20.14.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libpng12-0-32bit-1.2.59-20.14.1 * libpng12-0-debuginfo-32bit-1.2.59-20.14.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpng12-0-debuginfo-32bit-1.2.59-20.14.1 * libpng12-0-1.2.59-20.14.1 * libpng12-devel-1.2.59-20.14.1 * libpng12-debugsource-1.2.59-20.14.1 * libpng12-compat-devel-1.2.59-20.14.1 * libpng12-0-debuginfo-1.2.59-20.14.1 * libpng12-0-32bit-1.2.59-20.14.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-34757.html * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1261957 * https://jira.suse.com/browse/PED-16191 . SUSE updates libpng12 to fix critical issues like code execution and data disclosure. Important update available now.. libpng12 update,SUSE Security,code execution issue,important patch. . Severity: Important. LinuxSecurity.com Team
May 06, 2026
•Important
SuSE
202
security advisorymoderatesecurity issueopenSUSE Tumbleweed libpng12-0 Moderate Security Update 2026-10640-1
An update that solves 2 vulnerabilities can now be installed.. # libpng12-0-1.2.59-5.1 on GA media Announcement ID: openSUSE-SU-2026:10640-1 Rating: moderate Cross-References: * CVE-2026-33416 * CVE-2026-34757 CVSS scores: * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the libpng12-0-1.2.59-5.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * libpng12-0 1.2.59-5.1 * libpng12-0-32bit 1.2.59-5.1 * libpng12-compat-devel 1.2.59-5.1 * libpng12-compat-devel-32bit 1.2.59-5.1 * libpng12-devel 1.2.59-5.1 * libpng12-devel-32bit 1.2.59-5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-34757.html . Security update for openSUSE fixes two moderate issues in libpng12-0. Updates recommended for system protection.. openSUSE libpng12 security update moderate CVE. . LinuxSecurity.com Team
Apr 30, 2026
OpenSUSE
217
security advisorysecurity updatebuffer overflowOracle Linux 7 ELSA-2026-7032 libpng12 Important Buffer Overflow Advisory
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-7032 http://linux.oracle.com/errata/ELSA-2026-7032.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: libpng12-1.2.50-10.0.1.el7.i686.rpm libpng12-1.2.50-10.0.1.el7.x86_64.rpm libpng12-devel-1.2.50-10.0.1.el7.i686.rpm libpng12-devel-1.2.50-10.0.1.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/libpng12-1.2.50-10.0.1.el7.src.rpm Related CVEs: CVE-2026-25646 Description of changes: [1.2.50-10.0.1] - Fix CVE-2026-25646: heap buffer overflow in png_set_quantize [Orabug: 39183864] _______________________________________________ El-errata mailing list
Apr 28, 2026
•Important
Oracle
203
security advisorybuffer overflowimportantMageia 9 libpng12 Important Heap Overflow CVE-2026-25646 Advisory 2026-0096
MGASA-2026-0096 - Updated libpng12 packages fix security vulnerability. MGASA-2026-0096 - Updated libpng12 packages fix security vulnerability Publication date: 12 Apr 2026 URL: https://advisories.mageia.org/MGASA-2026-0096.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-25646 Description: LIBPNG has a heap buffer overflow in png_set_quantize. (CVE-2026-25646) References: - https://bugs.mageia.org/show_bug.cgi?id=35342 - https://lists.fedoraproject.org/archives/list/
Apr 12, 2026
•Important
Mageia
89
security advisoryfedoraimportantFedora 42 libpng12 Important Heap Overflow Fix CVE-2026-25646
fix CVE-2026-25646: heap buffer overflow in png_set_quantize. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1bf9e14627 2026-04-10 01:10:26.730890+00:00 -------------------------------------------------------------------------------- Name : libpng12 Product : Fedora 42 Version : 1.2.57 Release : 25.fc42 URL : http://www.libpng.org/pub/png/ Summary : Old version of libpng, needed to run old binaries Description : The libpng12 package provides libpng 1.2, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-25646: heap buffer overflow in png_set_quantize -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2026 Michal Hlavinka - 1.2.57-25 - fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438670) * Fri Jan 16 2026 Fedora Release Engineering - 1.2.57-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Thu Jul 24 2025 Fedora Release Engineering - 1.2.57-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2438670 - CVE-2026-25646 libpng12: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438670 [ 2 ] Bug #2438682 - CVE-2026-25646 libpng12: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438682 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade--advisory FEDORA-2026-1bf9e14627' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 10, 2026
•Important
Fedora
219
security advisorysecurity fiximportantRocky Linux 8 RLSA-2026-6446 libpng12 Significant Memory Drain Patch Issued
Important: libpng12 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:6445", "synopsis": "Important: libpng12 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libpng12.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libpng12 package provides libpng 1.2, which is the previous version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used in case that it is not possible to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2438542", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "description": ""}], "cves": [{"name": "CVE-2026-25646", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "cvss3BaseScore": "7.0", "cwe": "CWE-125"}], "references": [], "publishedAt": "2026-04-09T06:02:21.819616Z", "rpms": {"Rocky Linux 8": {"nvras": ["libpng12-0:1.2.57-6.el8_10.aarch64.rpm", "libpng12-0:1.2.57-6.el8_10.i686.rpm", "libpng12-0:1.2.57-6.el8_10.src.rpm", "libpng12-0:1.2.57-6.el8_10.x86_64.rpm", "libpng12-debuginfo-0:1.2.57-6.el8_10.aarch64.rpm", "libpng12-debuginfo-0:1.2.57-6.el8_10.i686.rpm", "libpng12-debuginfo-0:1.2.57-6.el8_10.x86_64.rpm", "libpng12-debugsource-0:1.2.57-6.el8_10.aarch64.rpm", "libpng12-debugsource-0:1.2.57-6.el8_10.i686.rpm", "libpng12-debugsource-0:1.2.57-6.el8_10.x86_64.rpm"]}},"rebootSuggested": false, "buildReferences": []}. Update for libpng12 in Rocky Linux addresses a heap buffer overflow issue with a CVSS score of 7.0, impacting system stability.. libpng12 update, Rocky Linux security, heap overflow fix, Linux security advisory. . Severity: Important. LinuxSecurity.com Team
Apr 09, 2026
•Important
Rocky Linux
219
security advisorybuffer overflowimportantRocky Linux 8 RLSA-2026-6446 Significant Buffer Flaw in libjpeg-turbo Found
Important: libpng12 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:6445", "synopsis": "Important: libpng12 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libpng12.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libpng12 package provides libpng 1.2, which is the previous version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used in case that it is not possible to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2438542", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "description": ""}], "cves": [{"name": "CVE-2026-25646", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "cvss3BaseScore": "7.0", "cwe": "CWE-125"}], "references": [], "publishedAt": "2026-04-09T06:02:21.819616Z", "rpms": {"Rocky Linux 8": {"nvras": ["libpng12-0:1.2.57-6.el8_10.aarch64.rpm", "libpng12-0:1.2.57-6.el8_10.i686.rpm", "libpng12-0:1.2.57-6.el8_10.src.rpm", "libpng12-0:1.2.57-6.el8_10.x86_64.rpm", "libpng12-debuginfo-0:1.2.57-6.el8_10.aarch64.rpm", "libpng12-debuginfo-0:1.2.57-6.el8_10.i686.rpm", "libpng12-debuginfo-0:1.2.57-6.el8_10.x86_64.rpm", "libpng12-debugsource-0:1.2.57-6.el8_10.aarch64.rpm", "libpng12-debugsource-0:1.2.57-6.el8_10.i686.rpm", "libpng12-debugsource-0:1.2.57-6.el8_10.x86_64.rpm"]}},"rebootSuggested": false, "buildReferences": []}. An important security update for Rocky Linux addressing a buffer overflow in libpng12 to enhance system safety.. Rocky Linux libpng12 security update buffer overflow important. . Severity: Important. LinuxSecurity.com Team
Apr 09, 2026
•Important
Rocky Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!