[CLSA-2026:1782159571] Fix CVE(s): CVE-2026-29169
Type:
security
Severity:
Important
Release date:
2026-06-22 20:19:47 UTC
Description:
* SECURITY UPDATE: NULL pointer dereference in mod_dav_lock indirect-lock refresh - debian/patches/CVE-2026-29169.patch: replace all six dp-> reads in the indirect-lock branch of dav_generic_refresh_locks() with the resolved dp_scan->... values in modules/dav/lock/locks.c so a crafted WebDAV LOCK refresh against a resource that only inherits an indirect lock from a parent no longer dereferences NULL via dp->locktoken / dp->f.scope / dp->owner. Upstream fix 225dc070adba11040b774cf641e1d8bc79941643 (SVN r1933354). - CVE-2026-29169
CVEs fixed:
Updated packages:
  • apache2_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
    sha:ba35757042a318b48611699879e558ebea0c720d
  • apache2-bin_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
    sha:1401abe4244f3449ec60083cc8fb1304ff851f17
  • apache2-data_2.4.41-4ubuntu3.23+tuxcare.els8_all.deb
    sha:51435129d101f8ba253b2f9fa1b2fea25b5530dc
  • apache2-dev_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
    sha:e4b1748945d68c1abc5d5446f4565353a45d9268
  • apache2-doc_2.4.41-4ubuntu3.23+tuxcare.els8_all.deb
    sha:007fae16d3c855ee3b50dda2c3875f2d5c6dcc7e
  • apache2-ssl-dev_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
    sha:0f4ed62dc3c89e9d23865d89181f85e58211117c
  • apache2-suexec-custom_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
    sha:68e79c6d303c4dae02b802f1d037dd5c716a5c0e
  • apache2-suexec-pristine_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
    sha:13bd6e9afc2d68661d4506874845246a4e226152
  • apache2-utils_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
    sha:847e14558f769e4dcdec97724cd2b03379e073c0
  • libapache2-mod-md_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
    sha:2276bfa948fb4029740f55c436f734da7f7489f7
  • libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.23+tuxcare.els8_amd64.deb
    sha:9d358bb1033e8399c738b0f7d471b5da4a2d79bf
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.