[CLSA-2026:1782295144] Fix CVE(s): CVE-2026-29169
Type:
security
Severity:
Important
Release date:
2026-06-24 09:59:20 UTC
Description:
* SECURITY UPDATE: NULL pointer dereference in mod_dav_lock indirect-lock refresh - debian/patches/CVE-2026-29169.patch: replace all six dp-> reads in the indirect-lock branch of dav_generic_refresh_locks() with the resolved dp_scan->... values in modules/dav/lock/locks.c so a crafted WebDAV LOCK refresh against a resource that only inherits an indirect lock from a parent no longer dereferences NULL via dp->locktoken / dp->f.scope / dp->owner. Upstream fix 225dc070adba11040b774cf641e1d8bc79941643 (SVN r1933354). - CVE-2026-29169
CVEs fixed:
Updated packages:
  • apache2_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
    sha:a96464537ff8ed89145343172b7b30ab6926088b
  • apache2-bin_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
    sha:6e76c6f6e3a1a6b682b561f18ab6863c001ceb19
  • apache2-data_2.4.29-1ubuntu4.27+tuxcare.els11_all.deb
    sha:8299018e0044a5b69fb185b7664d972e3b9c86ba
  • apache2-dev_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
    sha:11dd82e454a31d2be569a1238c042631233a05b2
  • apache2-doc_2.4.29-1ubuntu4.27+tuxcare.els11_all.deb
    sha:d27a2e18df6b9200a9b76e23cdfc47c48ea09821
  • apache2-ssl-dev_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
    sha:d1e8f1330e93ef1169672460cfc717a6f394e4e1
  • apache2-suexec-custom_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
    sha:acf76f55a0af1d476c7d5580448006b6a71d1351
  • apache2-suexec-pristine_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
    sha:e97f1ed9fdaa1d40f694461071e35b0dc7ca284a
  • apache2-utils_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
    sha:0531d0364e2d11b74967ef0c699a36fb98ad3c60
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.