Description:
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Security Fix(es):
* httpd: mod_http2: Apache HTTP Server mod_http2: Use After Free vulnerability allows arbitrary code execution or denial of service. (CVE-2026-48913)
* httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime (CVE-2026-43951)
Bug Fix(es) and Enhancement(s):
* address CVE-2026-43951 and CVE-2026-48913 in mod_http2 (JIRA:AlmaLinux-188008)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
mod_http2-2.0.29-4.el10_2.2.aarch64.rpm |
9b89ef86f1c348c9554f9d80f2d7e521100db343b986c49ca87b4e99740bdb7a |
| ppc64le |
mod_http2-2.0.29-4.el10_2.2.ppc64le.rpm |
cfa14898beef41fbf1bb4d766b2d7e3942f16d5c07d71b9e9fc112ec5208eb5e |
| s390x |
mod_http2-2.0.29-4.el10_2.2.s390x.rpm |
f22e8f434b5b8484caf1544560c2acb6ab4b249818b284e1dcc82af305391228 |
| x86_64 |
mod_http2-2.0.29-4.el10_2.2.x86_64.rpm |
c5241eba414dd3c76d1b334aba1ac16df013306c0c1315ae2cebc86013be6a78 |
| x86_64_v2 |
mod_http2-2.0.29-4.el10_2.2.x86_64_v2.rpm |
dc344983f24347a2ae39fc97bbafb7f309e40e10f7d0fe68c99a2d661570dc34 |