Release date:
2026-06-24 09:59:20 UTC
Description:
* SECURITY UPDATE: NULL pointer dereference in mod_dav_lock indirect-lock
refresh
- debian/patches/CVE-2026-29169.patch: replace all six dp-> reads in
the indirect-lock branch of dav_generic_refresh_locks() with the
resolved dp_scan->... values in modules/dav/lock/locks.c so a crafted
WebDAV LOCK refresh against a resource that only inherits an indirect
lock from a parent no longer dereferences NULL via dp->locktoken /
dp->f.scope / dp->owner. Upstream fix
225dc070adba11040b774cf641e1d8bc79941643 (SVN r1933354).
- CVE-2026-29169
Updated packages:
-
apache2_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
sha:a96464537ff8ed89145343172b7b30ab6926088b
-
apache2-bin_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
sha:6e76c6f6e3a1a6b682b561f18ab6863c001ceb19
-
apache2-data_2.4.29-1ubuntu4.27+tuxcare.els11_all.deb
sha:8299018e0044a5b69fb185b7664d972e3b9c86ba
-
apache2-dev_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
sha:11dd82e454a31d2be569a1238c042631233a05b2
-
apache2-doc_2.4.29-1ubuntu4.27+tuxcare.els11_all.deb
sha:d27a2e18df6b9200a9b76e23cdfc47c48ea09821
-
apache2-ssl-dev_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
sha:d1e8f1330e93ef1169672460cfc717a6f394e4e1
-
apache2-suexec-custom_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
sha:acf76f55a0af1d476c7d5580448006b6a71d1351
-
apache2-suexec-pristine_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
sha:e97f1ed9fdaa1d40f694461071e35b0dc7ca284a
-
apache2-utils_2.4.29-1ubuntu4.27+tuxcare.els11_amd64.deb
sha:0531d0364e2d11b74967ef0c699a36fb98ad3c60
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.