Fedora alert FEDORA-2026-3adf4e38cb (libpng12)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 44 Update: libpng12-1.2.57-25.fc44 | |
| Date: | Sat, 25 Apr 2026 01:53:26 +0000 | |
| Message-ID: | <20260425015326.2C797A5DA1@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3adf4e38cb 2026-04-25 01:21:36.171585+00:00 -------------------------------------------------------------------------------- Name : libpng12 Product : Fedora 44 Version : 1.2.57 Release : 25.fc44 URL : http://www.libpng.org/pub/png/ Summary : Old version of libpng, needed to run old binaries Description : The libpng12 package provides libpng 1.2, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-25646: heap buffer overflow in png_set_quantize -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2026 Michal Hlavinka <mhlavink@redhat.com> - 1.2.57-25 - fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438670) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2438670 - CVE-2026-25646 libpng12: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438670 [ 2 ] Bug #2438682 - CVE-2026-25646 libpng12: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438682 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3adf4e38cb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new