Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -8 articles for you...
100

SUSE Linux Micro harfbuzz Moderate NULL Pointer Dereference 2026-20762-1

An update that solves one vulnerability can now be installed.. # Security update for harfbuzz Announcement ID: SUSE-SU-2026:20762-1 Release Date: 2026-03-20T15:28:08Z Rating: moderate References: * bsc#1256459 Cross-References: * CVE-2026-22693 CVSS scores: * CVE-2026-22693 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-22693 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22693 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: * CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459). Other fixes: * Bug fixes for \u201cAAT\u201d shaping, and other shaping micro optimizations. * Fix a shaping regression affecting mark glyphs in certain fonts. * Fix pruning of mark filtering sets when subsetting fonts, which caused changes in shaping behaviour. * Make shaping fail much faster for certain malformed fonts (e.g., those that trigger infinite recursion). * Fix undefined behaviour introduced in 11.4.2. * Fix detection of the \u201cCambria Math\u201d font when fonts are scaled, so the workaround for the bad MATH table constant is applied. * Various performance and memory usage improvements. * The hb-shape command line tool can now be built with the amalgamated harfbuzz.cc source. * Fix regression in handling version 2 of avar table. * Increase various buffer length limits for better handling of fonts that generate huge number of glyphs per codepoint (e.g. Noto Sans Duployan). * Improvements to the harfrust shaper for more accurate testing. * Fix clang compiler warnings. * General shaping and subsetting speedups. * Fix in Graphite shaping backend when glyph advances became negative. *Subsetting improvements, pruning empty mark-attachment lookups. * Don't use the macro name _S, which is reserved by system liberaries. * Build fixes and speedup. * Add a kbts shaping backend that calls into the kb_text_shape single-header shaping library. This is purely for testing and performance evaluation and we do NOT recommend using it for any other purposes. * Fix bug in vertical shaping of fonts without the vmtx table. * Fix build with non-compliant C++11 compilers that don't recognize the "and" keyword. * Fix crasher in the glyph_v_origin function introduced in 11.3.0. * Speed up handling fonts with very large number of variations. * Speed up getting horizontal and vertical glyph advances by up to 24%. * Significantly speed up vertical text shaping. * Various documentation improvements. * Various build improvements. * Various subsetting improvements. * Various improvements to Rust font functions (fontations integration) and shaper (HarfRust integration). * Rename harfruzz option and shaper to harfrust following upstream rename. * Implement hb_face_reference_blob() for DirectWrite font functions. * Various build improvements. * Fix build with HB_NO_DRAW and HB_NO_PAINT. * Add an optional harfruzz shaper that uses HarfRuzz; an ongoing Rust port of HarfBuzz shaping. This shaper is mainly used for testing the output of the Rust implementation. * Fix regression that caused applying unsafe_to_break() to the whole buffer to be ignored. * Update USE data files. * Fix getting advances of out-of-rage glyph indices in DirectWrite font functions. * Painting of COLRv1 fonts without clip boxes is now about 10 times faster. * Synthetic bold/slant of a sub font is now respected, instead of using the parent\u2019s. * Glyph extents for fonts synthetic bold/slant are now accurately calculated. * Various build fixes. * Include bidi mirroring variants of the requested codepoints when subsetting. The new HB_SUBSET_FLAGS_NO_BIDI_CLOSUREcan be used to disable this behaviour. * Various bug fixes. * Various build fixes and improvements. * Various test suite improvements. * The change in version 10.3.0 to apply \u201ctrak\u201d table tracking values to glyph advances directly has been reverted as it required every font functions implementation to handle it, which breaks existing custom font functions. Tracking is instead back to being applied during shaping. * When directwrite integration is enabled, we now link to dwrite.dll instead of dynamically loading it. * A new experimental APIs for getting raw \u201cCFF\u201d and \u201cCFF2\u201d CharStrings. * We now provide manpages for the various command line utilities. Building manpages requires \u201chelp2man\u201d and will be skipped if it is not present. * The command line utilities now set different return value for different kinds of failures. Details are provided in the manpages. * Various fixes and improvements to fontations font functions. * All shaping operations using the ot shaper have become memory allocation- free. * Glyph extents returned by hb-ot and hb-ft font functions are now rounded in stead of flooring/ceiling them, which also matches what other font libraries do. * Fix \u201cAAT\u201d deleted glyph marks interfering with fallback mark positioning. * Glyph outlines emboldening have been moved out of hb-ot and hb-ft font functions to the HarfBuzz font layer, so that it works with any font functions implementation. * Fix our fallback C++11 atomics integration, which seems to not be widely used. * Various testing fixes and improvements. * Various subsetting fixes and improvements. * Various other fixes and improvements. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-423=1 ##Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libharfbuzz0-11.4.5-160000.1.1 * libharfbuzz-gobject0-debuginfo-11.4.5-160000.1.1 * typelib-1_0-HarfBuzz-0_0-11.4.5-160000.1.1 * libharfbuzz-gobject0-11.4.5-160000.1.1 * libharfbuzz0-debuginfo-11.4.5-160000.1.1 * harfbuzz-debugsource-11.4.5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-22693.html * https://bugzilla.suse.com/show_bug.cgi?id=1256459 . An update for harfbuzz addresses a moderate security issue regarding a NULL pointer dereference vulnerability.. harfbuzz security patch, SUSE update, Linux Micro vulnerability. . LinuxSecurity.com Team

Calendar%202 Mar 24, 2026 SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200