Overview

File _patchinfo of Package patchinfo.43164

<patchinfo incident="43164">
  <!--generated with prepare-update from request 403554-->
  <issue tracker="bnc" id="1221954">[SLES15SP6][SECURITY][FIPS] ClamAV fails in FIPS mode due to MD5</issue>
  <issue tracker="bnc" id="1258072">L3: clamscan: symbol lookup error: clamscan: undefined symbol: cl_engine_set_clcb_engine_compile_progress</issue>
  <issue tracker="bnc" id="1259207">VUL-0: CVE-2026-20031: clamav: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file</issue>
  <issue tracker="cve" id="2026-20031"/>
  <issue tracker="jsc" id="PED-14819"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>rmax</packager>
  <summary>Security update for clamav</summary>
  <description>This update for clamav fixes the following issues:

Update to clamav 1.5.2:

Security issue:

- CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of
  service conditions via a crafted HTML file (bsc#1259207).

Non security issue:

- Support transactional updates (jsc#PED-14819).

Changelog:

 * Fixed a possible infinite loop when scanning some JPEG files by
 upgrading affected ClamAV dependency, a Rust image library.
 * The CVD verification process will now ignore certificate files
 in the CVD certs directory when the user lacks read permissions.
 * Freshclam: Fix CLD verification bug with PrivateMirror option.
 * Upgraded the Rust bytes dependency to a newer version to
 resolve RUSTSEC-2026-0007 advisory.
 * Fixed a possible crash caused by invalid pointer alignment on
 some platforms.
 * Minimal required Rust version is now 1.87.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places