SUSE-SU-2026:0192-1

Опубликовано: 21 янв. 2026

Источник: suse-cvrf

Описание

Security update for libpng16

This update for libpng16 fixes the following issues:

CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525)

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

libpng16-16-1.6.8-15.15.1

libpng16-16-32bit-1.6.8-15.15.1

libpng16-compat-devel-1.6.8-15.15.1

libpng16-devel-1.6.8-15.15.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260192-1/
Link for SUSE-SU-2026:0192-1
https://lists.suse.com/pipermail/sle-security-updates/2026-January/023828.html
E-Mail link for SUSE-SU-2026:0192-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1256525
SUSE Bug 1256525
https://www.suse.com/security/cve/CVE-2026-22695/
SUSE CVE CVE-2026-22695 page

Описание

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.

Затронутые продукты

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-1.6.8-15.15.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-32bit-1.6.8-15.15.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-compat-devel-1.6.8-15.15.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-devel-1.6.8-15.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2026-22695.html
CVE-2026-22695
https://bugzilla.suse.com/1256525
SUSE Bug 1256525

SUSE-SU-2026:0192-1

Описание

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Ссылки

Уязвимость: CVE-2026-22695

Описание

Затронутые продукты

Ссылки