SUSE Package Hub - SUSE Package Hub Updates

Update ID	Severity	Type	Issued	Description	Packages
SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1751	important	security	2026-05-07	This update for jetty-minimal fixes the following issues: - CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "fun ...	jetty-minimal-9.4.58-150200.3.40.1
SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1742	important	security	2026-05-07	This update for mozjs52 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#125 ...	mozjs52-52.6.0-150000.3.12.1
SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1740	moderate	security	2026-05-07	This update for python-Django fixes the following issues - CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in `ASGIRequest` requests (bsc#1261729). - CVE-2 ...	python-Django-4.2.11-150600.3.56.1
SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1731	important	security	2026-05-07	This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.31+11 (April 2026 CPU). Security issues fixed: - CVE-2026-22007: Security: unauthenticated attac ...	java-11-openjdk-11.0.31.0-150000.3.138.1
SUSE-PackageHub-16.0-packagehub-235	moderate	security	2026-05-07	This update for log4cxx fixes the following issues: Changes in log4cxx: - update to 1.7.0 (bsc#1261994, CVE-2026-40023): * Non-ascii characters incorrectly encoded in JSON output [#615] * XML ou ...	log4cxx-1.7.0-bp160.1.1
SUSE-PackageHub-16.0-721	moderate	recommended	2026-05-07	This update for elemental-toolkit fixes the following issues: Changes in elemental-toolkit: - Drop upstream reproducible build patch.	elemental-toolkit-2.3.2-160000.2.1
SUSE-PackageHub-16.0-720	moderate	recommended	2026-05-07	This update for gtk-vnc fixes the following issues: - Fixed that removal of spice led to a regression in functionality, specifically for graphical console copy paste (bsc#1251850)	gtk-vnc-1.5.0-160000.3.1
SUSE-PackageHub-16.0-717	moderate	security	2026-05-07	This update for c-ares fixes the following issue - CVE-2025-62408: use after free in read_answers() (bsc#1254738). Changes for c-ares: - c-ares 1.35.6: * Ignore Windows IDN Search Domains until pr ...	c-ares-1.34.6-160000.1.1
SUSE-PackageHub-16.0-716	low	security	2026-05-07	This update for cairo fixes the following issue: - CVE-2025-50422: Poppler crash on malformed input (bsc#1247589).	cairo-1.18.4-160000.3.1
SUSE-PackageHub-16.0-packagehub-234	moderate	security	2026-05-06	This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass (bsc#12 ...	python-Django-5.2.4-bp160.8.1

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1751

important

security

2026-05-07

This update for jetty-minimal fixes the following issues: - CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "fun ...

jetty-minimal-9.4.58-150200.3.40.1

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1742

important

security

2026-05-07

This update for mozjs52 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#125 ...

mozjs52-52.6.0-150000.3.12.1

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1740

moderate

security

2026-05-07

This update for python-Django fixes the following issues - CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in `ASGIRequest` requests (bsc#1261729). - CVE-2 ...

python-Django-4.2.11-150600.3.56.1

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1731

important

security

2026-05-07

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.31+11 (April 2026 CPU). Security issues fixed: - CVE-2026-22007: Security: unauthenticated attac ...

java-11-openjdk-11.0.31.0-150000.3.138.1

SUSE-PackageHub-16.0-packagehub-235

moderate

security

2026-05-07

This update for log4cxx fixes the following issues: Changes in log4cxx: - update to 1.7.0 (bsc#1261994, CVE-2026-40023): * Non-ascii characters incorrectly encoded in JSON output [#615] * XML ou ...

log4cxx-1.7.0-bp160.1.1

SUSE-PackageHub-16.0-721

moderate

recommended

2026-05-07

This update for elemental-toolkit fixes the following issues: Changes in elemental-toolkit: - Drop upstream reproducible build patch.

elemental-toolkit-2.3.2-160000.2.1

SUSE-PackageHub-16.0-720

moderate

recommended

2026-05-07

This update for gtk-vnc fixes the following issues: - Fixed that removal of spice led to a regression in functionality, specifically for graphical console copy paste (bsc#1251850)

gtk-vnc-1.5.0-160000.3.1

SUSE-PackageHub-16.0-717

moderate

security

2026-05-07

This update for c-ares fixes the following issue - CVE-2025-62408: use after free in read_answers() (bsc#1254738). Changes for c-ares: - c-ares 1.35.6: * Ignore Windows IDN Search Domains until pr ...

c-ares-1.34.6-160000.1.1

SUSE-PackageHub-16.0-716

low

security

2026-05-07

This update for cairo fixes the following issue: - CVE-2025-50422: Poppler crash on malformed input (bsc#1247589).

cairo-1.18.4-160000.3.1

SUSE-PackageHub-16.0-packagehub-234

moderate

security

2026-05-06

This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass (bsc#12 ...

python-Django-5.2.4-bp160.8.1