This update for clamav fixes the following issues:
Update to clamav 1.5.2:
Security issue:
- CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of
service conditions via a crafted HTML file (bsc#1259207).
Non security issue:
- Support transactional updates (jsc#PED-14819).
Changelog:
- Fixed a possible infinite loop when scanning some JPEG files by
upgrading affected ClamAV dependency, a Rust image library.
- The CVD verification process will now ignore certificate files
in the CVD certs directory when the user lacks read permissions.
- Freshclam: Fix CLD verification bug with PrivateMirror option.
- Upgraded the Rust bytes dependency to a newer version to
resolve RUSTSEC-2026-0007 advisory.
- Fixed a possible crash caused by invalid pointer alignment on
some platforms.
- Minimal required Rust version is now 1.87.