CLSA-2026-1777552532

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777552532.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1777552532

Upstream

CVE-2025-64720

CVE-2025-65018

Published

2026-04-30T12:35:45Z

Modified

2026-06-04T09:47:37.822789783Z

Summary

Fix CVE(s): CVE-2025-64720, CVE-2025-65018

Details

No-source-change rebuild against libpng (>= 1.6.37-2+tuxcare.els2) to pick up the libpng security fixes for:
- CVE-2025-64720: pngimagereadcomposite OOB read on palette images with PNGFLAGOPTIMIZEALPHA (libpng < 1.6.51).
- CVE-2025-65018: pngimagefinish_read heap buffer overflow on 16-bit interlaced PNGs with 8-bit output (libpng < 1.6.51). Both vulnerabilities live entirely in libpng (used in OpenJDK only via the system libpng linked into libsplashscreen / AWT image decoding via libsplashscreen --with-libpng=system); no OpenJDK source change is required. The fix is delivered by the libpng rebuild (build 69ef31c7922f4d8bf30fd637, libpng1.6 1.6.37-2+tuxcare.els2). Bumping the Build-Depends floor on libpng-dev guarantees the fixed headers/library are linked in this rebuild.

References

https://errata.tuxcare.com/els_os/ubuntu20.04els/CLSA-2026-1777552532.html

Affected packages

TuxCare:Ubuntu:20.04

openjdk-11-demo

Package

Name: openjdk-11-demo
Purl: pkg:deb/tuxcare/openjdk-11-demo?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.30+7-0ubuntu1~20.04+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777552532.json"

openjdk-11-doc

Package

Name: openjdk-11-doc
Purl: pkg:deb/tuxcare/openjdk-11-doc?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.30+7-0ubuntu1~20.04+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777552532.json"

openjdk-11-jdk

Package

Name: openjdk-11-jdk
Purl: pkg:deb/tuxcare/openjdk-11-jdk?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.30+7-0ubuntu1~20.04+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777552532.json"

openjdk-11-jdk-headless

Package

Name: openjdk-11-jdk-headless
Purl: pkg:deb/tuxcare/openjdk-11-jdk-headless?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.30+7-0ubuntu1~20.04+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777552532.json"

openjdk-11-jre

Package

Name: openjdk-11-jre
Purl: pkg:deb/tuxcare/openjdk-11-jre?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.30+7-0ubuntu1~20.04+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777552532.json"

openjdk-11-jre-headless

Package

Name: openjdk-11-jre-headless
Purl: pkg:deb/tuxcare/openjdk-11-jre-headless?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.30+7-0ubuntu1~20.04+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777552532.json"

openjdk-11-jre-zero

Package

Name: openjdk-11-jre-zero
Purl: pkg:deb/tuxcare/openjdk-11-jre-zero?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.30+7-0ubuntu1~20.04+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777552532.json"

openjdk-11-source

Package

Name: openjdk-11-source
Purl: pkg:deb/tuxcare/openjdk-11-source?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.30+7-0ubuntu1~20.04+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777552532.json"