This update for harfbuzz fixes the following issues:
* CVE-2026-22693: Fixed a NULL pointer dereference in
SubtableUnicodesCache::create (bsc#1256459).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-287=1 SUSE-2026-287=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-287=1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* harfbuzz-devel-8.3.0-150600.3.3.1
* libharfbuzz-gobject0-debuginfo-8.3.0-150600.3.3.1
* libharfbuzz-subset0-8.3.0-150600.3.3.1
* harfbuzz-tools-debuginfo-8.3.0-150600.3.3.1
* harfbuzz-debugsource-8.3.0-150600.3.3.1
* libharfbuzz-gobject0-8.3.0-150600.3.3.1
* libharfbuzz-icu0-debuginfo-8.3.0-150600.3.3.1
* typelib-1_0-HarfBuzz-0_0-8.3.0-150600.3.3.1
* libharfbuzz-icu0-8.3.0-150600.3.3.1
* libharfbuzz-subset0-debuginfo-8.3.0-150600.3.3.1
* libharfbuzz0-8.3.0-150600.3.3.1
* libharfbuzz-cairo0-debuginfo-8.3.0-150600.3.3.1
* harfbuzz-tools-8.3.0-150600.3.3.1
* libharfbuzz0-debuginfo-8.3.0-150600.3.3.1
* libharfbuzz-cairo0-8.3.0-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* libharfbuzz-cairo0-32bit-8.3.0-150600.3.3.1
* libharfbuzz-icu0-32bit-debuginfo-8.3.0-150600.3.3.1
* libharfbuzz-gobject0-32bit-debuginfo-8.3.0-150600.3.3.1
* libharfbuzz0-32bit-8.3.0-150600.3.3.1
* libharfbuzz-gobject0-32bit-8.3.0-150600.3.3.1
*...
Read the Full Advisory* bsc#1256459
## References:
* https://www.suse.com/security/cve/CVE-2026-22693.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256459
Get the latest Linux and open source security news straight to your inbox.