MGASA-2026-0205 Updated libpng packages fix security vulnerabilities

LIBPNG has a use-after-free in pngsetPLTE, pngsettRNS and pngsethIST leading to corrupted chunk data and potential heap information disclosure. CVE-2026-34757 Chunk smuggling in push-mode APNG parser via unconsumed chunk body. CVE-2026-40930...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a potential double-free issue in createvarref. In createvarref, initvarref is called to initialize the fields of the reffield variable. This variable is allocated in the previous function call, to createhistfield...

Astra Linux - уязвимость в aom

It was discovered that AOM v2.0.1 contains a NULL pointer dereferencing issue through the ratehist.c component...

SUSE-SU-2026:1716-1 Security update for libpng12

This update for libpng12 fixes the following issues: Update to version 1.2.59 jscPED-16191. Security issues : - CVE-2017-12652: missing chunk length check can lead to sensitive information disclosure, data corruption or crash bsc1141493. - CVE-2026-33416: use-after-free via pointer aliasing in...

Security update for libpng12

This update for libpng12 fixes the following issues: Update to version 1.2.59 jscPED-16191. CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. CVE-2026-34757: use-after-free in pngsetPLTE, pngsettRNS and pngsethIST can...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: traceeventshist: A check was added to ensure that the return value of createhistfield is checked. The function createhistfield is called recursively at line 1954 of traceeventshist.c, and it may return a NULL value. Therefore, we...

Medium: libpng

Issue Overview: Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding getter back into the setter causes the setter to read from a stale pointer after freeing the internal buffer, leading to corrupted chunk data and...

SUSE SLED15 / SLES15 Security Update : libpng16 (SUSE-SU-2026:1602-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1602-1 advisory. This update for libpng16 fixes the following issue: - CVE-2026-34757: information disclosure and data corruption due to...

Security update for libpng16

This update for libpng16 fixes the following issue: CVE-2026-34757: information disclosure and data corruption due to use-after-free in pngsetPLTE, pngsettRNS and pngsethIST bsc1261957. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

SUSE-SU-2026:1602-1 Security update for libpng16

This update for libpng16 fixes the following issue: - CVE-2026-34757: information disclosure and data corruption due to use-after-free in pngsetPLTE, pngsettRNS and pngsethIST bsc1261957...

Security update for libpng16

This update for libpng16 fixes the following issue: CVE-2026-34757: information disclosure and data corruption due to use-after-free in pngsetPLTE, pngsettRNS and pngsethIST bsc1261957. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010799)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010799 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on 'actiondata.varrefidx' When generate a synthetic event wi...

SUSE-SU-2026:1500-1 Security update for libpng15

This update for libpng15 fixes the following issues: - CVE-2026-34757: use-after-free in pngsetPLTE, pngsettRNS and pngsethIST can lead to information disclosure and data corruption bsc1261957. - CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrar...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007246)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007246 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to histvars if they have referenced variables Hist triggers ca...

CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

EUVD-2026-15251

In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to triggerdatafree If triggerdataalloc fails and returns NULL, eventhisttriggerparse jumps to the outfree error path. While kfree safely handles a NULL pointer, triggerdatafree does not. This cause...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991196)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991196 advisory. In the Linux kernel, the following vulnerability has been resolved: traceeventshist: add check for return value of 'createhistfield' Function 'createhistfield' is...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990386)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990386 advisory. In the Linux kernel, the following vulnerability has been resolved: traceeventshist: add check for return value of 'createhistfield' Function 'createhistfield' is...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990283)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990283 advisory. In the Linux kernel, the following vulnerability has been resolved: traceeventshist: add check for return value of 'createhistfield' Function 'createhistfield' is...