[ALSA-2026:34355] Moderate: mod_http2 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2026-07-02
Description:
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd: mod_http2: Apache HTTP Server mod_http2: Use After Free vulnerability allows arbitrary code execution or denial of service. (CVE-2026-48913) * httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime (CVE-2026-43951) Bug Fix(es) and Enhancement(s): * address CVE-2026-43951 and CVE-2026-48913 in mod_http2 (JIRA:AlmaLinux-188008) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_http2-2.0.29-4.el10_2.2.aarch64.rpm 9b89ef86f1c348c9554f9d80f2d7e521100db343b986c49ca87b4e99740bdb7a
ppc64le mod_http2-2.0.29-4.el10_2.2.ppc64le.rpm cfa14898beef41fbf1bb4d766b2d7e3942f16d5c07d71b9e9fc112ec5208eb5e
s390x mod_http2-2.0.29-4.el10_2.2.s390x.rpm f22e8f434b5b8484caf1544560c2acb6ab4b249818b284e1dcc82af305391228
x86_64 mod_http2-2.0.29-4.el10_2.2.x86_64.rpm c5241eba414dd3c76d1b334aba1ac16df013306c0c1315ae2cebc86013be6a78
x86_64_v2 mod_http2-2.0.29-4.el10_2.2.x86_64_v2.rpm dc344983f24347a2ae39fc97bbafb7f309e40e10f7d0fe68c99a2d661570dc34
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.