Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

openSUSE Leap 16.0 ClamAV Moderate Denial of Service Advisory 2026-20479-1

opensuse
Calendar Grey April 21, 2026
Dist Opensuse Esm H88
Update for clamav addresses one security issue and includes three critical bug fixes in openSUSE Leap 16.0.
An update that solves one vulnerability and has 3 bug fixes can now be installed.

Description

This update for clamav fixes the following issues:

Update to clamav 1.5.2:

Security issue:

- CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of

service conditions via a crafted HTML file (bsc#1259207).

Non security issue:

- Support transactional updates (jsc#PED-14819).

Changelog:

* Fixed a possible infinite loop when scanning some JPEG files by

upgrading affected ClamAV dependency, a Rust image library.

* The CVD verification process will now ignore certificate files

in the CVD certs directory when the user lacks read permissions.

* Freshclam: Fix CLD verification bug with PrivateMirror option.

* Upgraded the Rust bytes dependency to a newer version to

resolve RUSTSEC-2026-0007 advisory.

* Fixed a possible crash caused by invalid pointer alignment on

some platforms.

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

clamav-1.5.2-160000.1.1

clamav-devel-1.5.2-160000.1.1

clamav-docs-html-1.5.2-160000.1.1

clamav-milter-1.5.2-160000.1.1

libclamav12-1.5.2-160000.1.1

libclammspack0-1.5.2-160000.1.1

libfreshclam4-1.5.2-160000.1.1

References

* bsc#1221954

* bsc#1258072

* bsc#1259207

References:

* https://www.suse.com/security/cve/CVE-2026-20031.html

Announcement ID: openSUSE-SU-2026:20479-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here