Security update for harfbuzz SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:1821-1 Final 1 1 2023-04-12T08:03:01Z current 2023-04-12T08:03:01Z 2023-04-12T08:03:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for harfbuzz This update for harfbuzz fixes the following issues: - CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-SAP-BYOS-2023-1821,Image SLES12-SP5-Azure-SAP-On-Demand-2023-1821,Image SLES12-SP5-EC2-SAP-BYOS-2023-1821,Image SLES12-SP5-EC2-SAP-On-Demand-2023-1821,Image SLES12-SP5-GCE-SAP-BYOS-2023-1821,Image SLES12-SP5-GCE-SAP-On-Demand-2023-1821,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2023-1821,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2023-1821,SUSE-2023-1821,SUSE-OpenStack-Cloud-9-2023-1821,SUSE-OpenStack-Cloud-Crowbar-9-2023-1821,SUSE-SLE-SAP-12-SP4-2023-1821,SUSE-SLE-SDK-12-SP5-2023-1821,SUSE-SLE-SERVER-12-SP2-BCL-2023-1821,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1821,SUSE-SLE-SERVER-12-SP4-LTSS-2023-1821,SUSE-SLE-SERVER-12-SP5-2023-1821,SUSE-SLE-WE-12-SP5-2023-1821 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20231821-1/ Link for SUSE-SU-2023:1821-1 https://lists.suse.com/pipermail/sle-security-updates/2023-May/014731.html E-Mail link for SUSE-SU-2023:1821-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1207922 SUSE Bug 1207922 https://www.suse.com/security/cve/CVE-2023-25193/ SUSE CVE CVE-2023-25193 page Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 libharfbuzz0-1.4.5-8.3.1 harfbuzz-devel-1.4.5-8.3.1 harfbuzz-tools-1.4.5-8.3.1 libharfbuzz-icu0-1.4.5-8.3.1 libharfbuzz-icu0-32bit-1.4.5-8.3.1 libharfbuzz-icu0-64bit-1.4.5-8.3.1 libharfbuzz0-32bit-1.4.5-8.3.1 libharfbuzz0-64bit-1.4.5-8.3.1 libharfbuzz0-1.4.5-8.3.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS libharfbuzz0-1.4.5-8.3.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand libharfbuzz0-1.4.5-8.3.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS libharfbuzz0-1.4.5-8.3.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libharfbuzz0-1.4.5-8.3.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS libharfbuzz0-1.4.5-8.3.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand libharfbuzz0-1.4.5-8.3.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libharfbuzz0-1.4.5-8.3.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libharfbuzz-icu0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libharfbuzz0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libharfbuzz0-32bit-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libharfbuzz-icu0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS libharfbuzz0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS libharfbuzz0-32bit-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS libharfbuzz-icu0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libharfbuzz0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libharfbuzz0-32bit-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS libharfbuzz-icu0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP5 libharfbuzz0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP5 libharfbuzz0-32bit-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server 12 SP5 libharfbuzz-icu0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libharfbuzz0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libharfbuzz0-32bit-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libharfbuzz-icu0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libharfbuzz0-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libharfbuzz0-32bit-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 harfbuzz-devel-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libharfbuzz-icu0-32bit-1.4.5-8.3.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 libharfbuzz-icu0-1.4.5-8.3.1 as a component of SUSE OpenStack Cloud 9 libharfbuzz0-1.4.5-8.3.1 as a component of SUSE OpenStack Cloud 9 libharfbuzz0-32bit-1.4.5-8.3.1 as a component of SUSE OpenStack Cloud 9 libharfbuzz-icu0-1.4.5-8.3.1 as a component of SUSE OpenStack Cloud Crowbar 9 libharfbuzz0-1.4.5-8.3.1 as a component of SUSE OpenStack Cloud Crowbar 9 libharfbuzz0-32bit-1.4.5-8.3.1 as a component of SUSE OpenStack Cloud Crowbar 9 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. CVE-2023-25193 Image SLES12-SP5-Azure-SAP-BYOS:libharfbuzz0-1.4.5-8.3.1 Image SLES12-SP5-Azure-SAP-On-Demand:libharfbuzz0-1.4.5-8.3.1 Image SLES12-SP5-EC2-SAP-BYOS:libharfbuzz0-1.4.5-8.3.1 Image SLES12-SP5-EC2-SAP-On-Demand:libharfbuzz0-1.4.5-8.3.1 Image SLES12-SP5-GCE-SAP-BYOS:libharfbuzz0-1.4.5-8.3.1 Image SLES12-SP5-GCE-SAP-On-Demand:libharfbuzz0-1.4.5-8.3.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libharfbuzz0-1.4.5-8.3.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libharfbuzz0-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libharfbuzz-icu0-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libharfbuzz0-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libharfbuzz0-32bit-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP4-ESPOS:libharfbuzz-icu0-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP4-ESPOS:libharfbuzz0-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP4-ESPOS:libharfbuzz0-32bit-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libharfbuzz-icu0-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libharfbuzz0-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:libharfbuzz0-32bit-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP5:libharfbuzz-icu0-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP5:libharfbuzz0-1.4.5-8.3.1 SUSE Linux Enterprise Server 12 SP5:libharfbuzz0-32bit-1.4.5-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libharfbuzz-icu0-1.4.5-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libharfbuzz0-1.4.5-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libharfbuzz0-32bit-1.4.5-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libharfbuzz-icu0-1.4.5-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libharfbuzz0-1.4.5-8.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libharfbuzz0-32bit-1.4.5-8.3.1 SUSE Linux Enterprise Software Development Kit 12 SP5:harfbuzz-devel-1.4.5-8.3.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libharfbuzz-icu0-32bit-1.4.5-8.3.1 SUSE OpenStack Cloud 9:libharfbuzz-icu0-1.4.5-8.3.1 SUSE OpenStack Cloud 9:libharfbuzz0-1.4.5-8.3.1 SUSE OpenStack Cloud 9:libharfbuzz0-32bit-1.4.5-8.3.1 SUSE OpenStack Cloud Crowbar 9:libharfbuzz-icu0-1.4.5-8.3.1 SUSE OpenStack Cloud Crowbar 9:libharfbuzz0-1.4.5-8.3.1 SUSE OpenStack Cloud Crowbar 9:libharfbuzz0-32bit-1.4.5-8.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20231821-1/ https://www.suse.com/security/cve/CVE-2023-25193.html CVE-2023-25193 https://bugzilla.suse.com/1207922 SUSE Bug 1207922 https://bugzilla.suse.com/1213939 SUSE Bug 1213939