[ALSA-2025:14625] Moderate: mod_http2 security update
Type:
security
Severity:
moderate
Release date:
2025-08-27
Description:
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_http2-2.0.29-2.el10_0.1.aarch64.rpm d8b50559ac8151723dcc63ca4893619c316095d871923957a03c88f084aa3f63
ppc64le mod_http2-2.0.29-2.el10_0.1.ppc64le.rpm 805ae2388401b7fae22939267d19d2493366c7b6eb60daf9ba80e5f900476739
s390x mod_http2-2.0.29-2.el10_0.1.s390x.rpm 13f141885171a367825bce4c415841ff33413b4210f9cc5c0d0fef550e561bb4
x86_64 mod_http2-2.0.29-2.el10_0.1.x86_64.rpm 38c40a86505f3cb8c9eed8d98cc48a08497854a92374619d00724b45850c108e
x86_64_v2 mod_http2-2.0.29-2.el10_0.1.x86_64_v2.rpm 5a4b4ee456b79b41494aa40ed2984eb75211245ee1b46012d1504b1872c3b5bd
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.