[CLSA-2026:1782157735] Fix CVE(s): CVE-2026-29169
Type:
security
Severity:
Important
Release date:
2026-06-22 19:49:10 UTC
Description:
* SECURITY UPDATE: NULL pointer dereference in mod_dav_lock indirect-lock refresh - debian/patches/CVE-2026-29169.patch: replace all six dp-> reads in the indirect-lock branch of dav_generic_refresh_locks() with the resolved dp_scan->... values in modules/dav/lock/locks.c so a crafted WebDAV LOCK refresh against a resource that only inherits an indirect lock from a parent no longer dereferences NULL via dp->locktoken / dp->f.scope / dp->owner. Upstream fix 225dc070adba11040b774cf641e1d8bc79941643 (SVN r1933354). - CVE-2026-29169
CVEs fixed:
Updated packages:
  • apache2_2.4.18-2ubuntu3.17+tuxcare.els21_amd64.deb
    sha:70bc07705ee116c4c3891ec8f2b9b0729eb35bc7
  • apache2-bin_2.4.18-2ubuntu3.17+tuxcare.els21_amd64.deb
    sha:82bc68ac5c506a169861170aac4e3f91b58bf391
  • apache2-data_2.4.18-2ubuntu3.17+tuxcare.els21_all.deb
    sha:47ababde182844db19654107b769eb3aadce9ba1
  • apache2-dev_2.4.18-2ubuntu3.17+tuxcare.els21_amd64.deb
    sha:391fc0c39acfd003ef916f20960af5fa2b3ce1c4
  • apache2-doc_2.4.18-2ubuntu3.17+tuxcare.els21_all.deb
    sha:c7aa206270c693ffb8e5e6457ec7fc53ab50867c
  • apache2-suexec-custom_2.4.18-2ubuntu3.17+tuxcare.els21_amd64.deb
    sha:d55c41b2424e0af47f77b4476ff6106fe3936238
  • apache2-suexec-pristine_2.4.18-2ubuntu3.17+tuxcare.els21_amd64.deb
    sha:3f41a5d27acd89c299ba72328afbe71125c7eef8
  • apache2-utils_2.4.18-2ubuntu3.17+tuxcare.els21_amd64.deb
    sha:019995ab3249815661731d39d6b972cadbd2bf18
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.