SUSE-SU-2026:0234-1

Опубликовано: 22 янв. 2026

Источник: suse-cvrf

Описание

Security update for libpng16

This update for libpng16 fixes the following issues:

CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525)
CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).

Список пакетов

Image SLES15-SP6

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-Azure-3P

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-BYOS

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-BYOS-Azure

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-BYOS-GCE

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-GCE

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-Hardened-BYOS

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-Hardened-BYOS-GCE

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-SAP

libpng16-16-1.6.40-150600.3.6.1

libpng16-compat-devel-1.6.40-150600.3.6.1

libpng16-devel-1.6.40-150600.3.6.1

Image SLES15-SP6-SAP-Azure-3P

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-SAP-GCE

libpng16-16-1.6.40-150600.3.6.1

libpng16-compat-devel-1.6.40-150600.3.6.1

libpng16-devel-1.6.40-150600.3.6.1

Image SLES15-SP6-SAP-Hardened

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-SAP-Hardened-BYOS

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-SAP-Hardened-EC2

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-SAP-Hardened-GCE

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-SAPCAL

libpng16-16-1.6.40-150600.3.6.1

libpng16-compat-devel-1.6.40-150600.3.6.1

libpng16-devel-1.6.40-150600.3.6.1

Image SLES15-SP6-SAPCAL-GCE

libpng16-16-1.6.40-150600.3.6.1

libpng16-compat-devel-1.6.40-150600.3.6.1

libpng16-devel-1.6.40-150600.3.6.1

Image SLES15-SP7-Azure-3P

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-Azure-Basic

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-Azure-Standard

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-BYOS-Azure

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-BYOS-EC2

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-BYOS-GCE

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-GCE

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-HPC-Azure

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-HPC-BYOS-EC2

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-HPC-BYOS-GCE

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-Hardened-BYOS-Azure

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-Hardened-BYOS-EC2

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-Hardened-BYOS-GCE

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-SAP-Azure

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-SAP-Azure-3P

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-SAP-EC2

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-SAP-Hardened-Azure

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-SAP-Hardened-GCE

libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP7-SAPCAL-Azure

libpng16-16-1.6.40-150600.3.6.1

libpng16-compat-devel-1.6.40-150600.3.6.1

libpng16-devel-1.6.40-150600.3.6.1

SUSE Linux Enterprise Module for Basesystem 15 SP7

libpng16-16-1.6.40-150600.3.6.1

libpng16-16-32bit-1.6.40-150600.3.6.1

libpng16-compat-devel-1.6.40-150600.3.6.1

libpng16-devel-1.6.40-150600.3.6.1

openSUSE Leap 15.6

libpng16-16-1.6.40-150600.3.6.1

libpng16-16-32bit-1.6.40-150600.3.6.1

libpng16-compat-devel-1.6.40-150600.3.6.1

libpng16-compat-devel-32bit-1.6.40-150600.3.6.1

libpng16-devel-1.6.40-150600.3.6.1

libpng16-devel-32bit-1.6.40-150600.3.6.1

libpng16-tools-1.6.40-150600.3.6.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260234-1/
Link for SUSE-SU-2026:0234-1
https://lists.suse.com/pipermail/sle-security-updates/2026-January/023851.html
E-Mail link for SUSE-SU-2026:0234-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1256525
SUSE Bug 1256525
https://bugzilla.suse.com/1256526
SUSE Bug 1256526
https://www.suse.com/security/cve/CVE-2026-22695/
SUSE CVE CVE-2026-22695 page
https://www.suse.com/security/cve/CVE-2026-22801/
SUSE CVE CVE-2026-22801 page

Описание

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.

Затронутые продукты

Image SLES15-SP6-Azure-3P:libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-BYOS-Azure:libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-BYOS-GCE:libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-BYOS:libpng16-16-1.6.40-150600.3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2026-22695.html
CVE-2026-22695
https://bugzilla.suse.com/1256525
SUSE Bug 1256525

Описание

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.

Затронутые продукты

Image SLES15-SP6-Azure-3P:libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-BYOS-Azure:libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-BYOS-GCE:libpng16-16-1.6.40-150600.3.6.1

Image SLES15-SP6-BYOS:libpng16-16-1.6.40-150600.3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2026-22801.html
CVE-2026-22801
https://bugzilla.suse.com/1256526
SUSE Bug 1256526

SUSE-SU-2026:0234-1

Описание

Список пакетов

Image SLES15-SP6

Image SLES15-SP6-Azure-3P

Image SLES15-SP6-BYOS

Image SLES15-SP6-BYOS-Azure

Image SLES15-SP6-BYOS-GCE

Image SLES15-SP6-GCE

Image SLES15-SP6-Hardened-BYOS

Image SLES15-SP6-Hardened-BYOS-GCE

Image SLES15-SP6-SAP

Image SLES15-SP6-SAP-Azure-3P

Image SLES15-SP6-SAP-GCE

Image SLES15-SP6-SAP-Hardened

Image SLES15-SP6-SAP-Hardened-BYOS

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Hardened-EC2

Image SLES15-SP6-SAP-Hardened-GCE

Image SLES15-SP6-SAPCAL

Image SLES15-SP6-SAPCAL-GCE

Image SLES15-SP7-Azure-3P

Image SLES15-SP7-Azure-Basic

Image SLES15-SP7-Azure-Standard

Image SLES15-SP7-BYOS-Azure

Image SLES15-SP7-BYOS-EC2

Image SLES15-SP7-BYOS-GCE

Image SLES15-SP7-GCE

Image SLES15-SP7-HPC-Azure

Image SLES15-SP7-HPC-BYOS-EC2

Image SLES15-SP7-HPC-BYOS-GCE

Image SLES15-SP7-Hardened-BYOS-Azure

Image SLES15-SP7-Hardened-BYOS-EC2

Image SLES15-SP7-Hardened-BYOS-GCE

Image SLES15-SP7-SAP-Azure

Image SLES15-SP7-SAP-Azure-3P

Image SLES15-SP7-SAP-EC2

Image SLES15-SP7-SAP-Hardened-Azure

Image SLES15-SP7-SAP-Hardened-GCE

Image SLES15-SP7-SAPCAL-Azure

SUSE Linux Enterprise Module for Basesystem 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2026-22695

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2026-22801

Описание

Затронутые продукты

Ссылки