ALSA-2026:25225

[ALSA-2026:25225] Important: mod_http2 security update

Type:

security

Severity:

important

Release date:

2026-06-11

Description:

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.  

Security Fix(es):  

  * httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_http2-2.0.29-4.el10_2.1.aarch64.rpm	5a038f074e4f2a689831e442e0015291c4984d72f0295f7c4263bc8d5036f333
ppc64le	mod_http2-2.0.29-4.el10_2.1.ppc64le.rpm	27508aea561b0cba58193f0d3d7d6bda6fb9fc4eaa4b56f79be2f59305db074e
s390x	mod_http2-2.0.29-4.el10_2.1.s390x.rpm	430e5e90019830b4bf33ee9f9ccad35b567bc088c402fa48a35d75cc5f358cc2
x86_64	mod_http2-2.0.29-4.el10_2.1.x86_64.rpm	fc323779c4f868a79000bf89f45bd40e8a5cf6b653f11b1bc34eb5efb35fe702
x86_64_v2	mod_http2-2.0.29-4.el10_2.1.x86_64_v2.rpm	d715908169ddbe86dbb7dc171384ab7a218aca1d85b7e2f419fede78119d2399

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.