Release date:
2026-04-30 12:35:45 UTC
Description:
* No-source-change rebuild against libpng (>= 1.6.37-2+tuxcare.els2) to
  pick up the libpng security fixes for:
  - CVE-2025-64720: png_image_read_composite OOB read on palette images
    with PNG_FLAG_OPTIMIZE_ALPHA (libpng < 1.6.51).
  - CVE-2025-65018: png_image_finish_read heap buffer overflow on 16-bit
    interlaced PNGs with 8-bit output (libpng < 1.6.51).
  Both vulnerabilities live entirely in libpng (used in OpenJDK only via
  the system libpng linked into libsplashscreen / AWT image decoding via
  libsplashscreen --with-libpng=system); no OpenJDK source change is
  required. The fix is delivered by the libpng rebuild
  (build 69ef31c7922f4d8bf30fd637, libpng1.6 1.6.37-2+tuxcare.els2).
  Bumping the Build-Depends floor on libpng-dev guarantees the fixed
  headers/library are linked in this rebuild.
Updated packages:
- openjdk-11-demo_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
  sha:d4373130a7c9b1a6a4b22073a94dfcf2b279b999
- openjdk-11-doc_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_all.deb
  sha:794cca1b9289c7bb5f723ee4fed6fb09a8ff44fc
- openjdk-11-jdk_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
  sha:c696658970f386f43c182e6996f1540b1d28e342
- openjdk-11-jdk-headless_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
  sha:2312698d9fecc7379053f44f6ee1275e4c053602
- openjdk-11-jre_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
  sha:304c5601038a479a7b5274281f962a081603738b
- openjdk-11-jre-headless_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
  sha:6a48a51fa430e319f5b535e8e25e2c0fb5d27284
- openjdk-11-jre-zero_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_amd64.deb
  sha:54f887add89156f8b3b93dea7b266a10d7030e75
- openjdk-11-source_11.0.30+7-0ubuntu1~20.04+tuxcare.els2_all.deb
  sha:45d2f88413f0966f85eefdc24ba8ccafd4dbdabd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the CloudLinux Packaging Team.