{"affected":[],"aliases":[],"details":"This update for clamav fixes the following issues:\n\nUpdate to clamav 1.5.2:\n\nSecurity issue:\n\n- CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of\n  service conditions via a crafted HTML file (bsc#1259207).\n\nNon security issue:\n\n- Support transactional updates (jsc#PED-14819).\n\nChangelog:\n\n * Fixed a possible infinite loop when scanning some JPEG files by\n upgrading affected ClamAV dependency, a Rust image library.\n * The CVD verification process will now ignore certificate files\n in the CVD certs directory when the user lacks read permissions.\n * Freshclam: Fix CLD verification bug with PrivateMirror option.\n * Upgraded the Rust bytes dependency to a newer version to\n resolve RUSTSEC-2026-0007 advisory.\n * Fixed a possible crash caused by invalid pointer alignment on\n some platforms.\n * Minimal required Rust version is now 1.87.\n","id":"SUSE-SU-2026:0906-1","modified":"2026-03-17T16:32:20Z","published":"2026-03-17T16:32:20Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260906-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1221954"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258072"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259207"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-20031"}],"related":["CVE-2026-20031"],"summary":"Security update for clamav","upstream":["CVE-2026-20031"]}