Release date:
2026-06-22 20:19:47 UTC
Description:
* SECURITY UPDATE: NULL pointer dereference in mod_dav_lock indirect-lock
refresh
- debian/patches/CVE-2026-29169.patch: replace all six dp-> reads in
the indirect-lock branch of dav_generic_refresh_locks() with the
resolved dp_scan->... values in modules/dav/lock/locks.c so a crafted
WebDAV LOCK refresh against a resource that only inherits an indirect
lock from a parent no longer dereferences NULL via dp->locktoken /
dp->f.scope / dp->owner. Upstream fix
225dc070adba11040b774cf641e1d8bc79941643 (SVN r1933354).
- CVE-2026-29169
Updated packages:
-
apache2_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
sha:ba35757042a318b48611699879e558ebea0c720d
-
apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
sha:1401abe4244f3449ec60083cc8fb1304ff851f17
-
apache2-data_2.4.41-4ubuntu3.23+tuxcare.els8_all.deb
sha:51435129d101f8ba253b2f9fa1b2fea25b5530dc
-
apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
sha:e4b1748945d68c1abc5d5446f4565353a45d9268
-
apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els8_all.deb
sha:007fae16d3c855ee3b50dda2c3875f2d5c6dcc7e
-
apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
sha:0f4ed62dc3c89e9d23865d89181f85e58211117c
-
apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
sha:68e79c6d303c4dae02b802f1d037dd5c716a5c0e
-
apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
sha:13bd6e9afc2d68661d4506874845246a4e226152
-
apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
sha:847e14558f769e4dcdec97724cd2b03379e073c0
-
libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
sha:2276bfa948fb4029740f55c436f734da7f7489f7
-
libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
sha:9d358bb1033e8399c738b0f7d471b5da4a2d79bf
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.