This update for clamav fixes the following issues:
Update to clamav 1.5.2:
Security issue:
- CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of
service conditions via a crafted HTML file (bsc#1259207).
Non-security issue:
- Support transactional updates (jsc#PED-14819).
Changelog:
* Fixed a possible infinite loop when scanning some JPEG files by
upgrading the affected ClamAV dependency, a Rust image library.
* The CVD verification process will now ignore certificate files
in the CVD certs directory when the user lacks read permissions.
* Freshclam: Fix CLD verification bug with PrivateMirror option.
* Upgraded the Rust bytes dependency to a newer version to
resolve the RUSTSEC-2026-0007 advisory.
* Fixed a possible crash caused by invalid pointer alignment on
some platforms.
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods
like YaST online_update...
- openSUSE Leap 16.0:
clamav-1.5.2-160000.1.1
clamav-devel-1.5.2-160000.1.1
clamav-docs-html-1.5.2-160000.1.1
clamav-milter-1.5.2-160000.1.1
libclamav12-1.5.2-160000.1.1
libclammspack0-1.5.2-160000.1.1
libfreshclam4-1.5.2-160000.1.1
* bsc#1221954
* bsc#1258072
* bsc#1259207
References:
* https://www.suse.com/security/cve/CVE-2026-20031.html