ALSA-2026:25090

[ALSA-2026:25090] Important: httpd:2.4 security update

Type:

security

Severity:

important

Release date:

2026-06-11

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  

Security Fix(es):  

  * httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_proxy_html-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.aarch64.rpm	228cb31ae87a066d41e4807cb97da2c4c780a4410ffd803880278a3f52de674c
aarch64	mod_ssl-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.aarch64.rpm	5d633225b23cc69175fa0910181f4d9c87808c39967d5db66cea989768d4e257
aarch64	mod_http2-1.15.7-10.module_el8.10.0+4190+704ad79b.6.aarch64.rpm	898f6397cb93f9f9c320b29805d0eed030ba7085366b333461350f7b9d6d6e2d
aarch64	mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.aarch64.rpm	9089a727d04e9e8a6e719c4980ccb7e179a95a0ceda7ac2d69ab335ae0179cd6
aarch64	httpd-devel-2.4.37-65.module_el8.10.0+4190+704ad79b.8.aarch64.rpm	978df40ca3e53027304687d7e1fc2f1a4773b69beaf0ffe0c75d2b46185962f4
aarch64	mod_ldap-2.4.37-65.module_el8.10.0+4190+704ad79b.8.aarch64.rpm	9f496d19148804df5b9953aaf45254c37420510633037a14a615e7bf1a660ba2
aarch64	httpd-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.aarch64.rpm	d1d550e035b9baad3937ec2d9fc900eaddb4d0dcf0dac34b19fd246151d1d874
aarch64	mod_session-2.4.37-65.module_el8.10.0+4190+704ad79b.8.aarch64.rpm	d680d1ef3a5372ab9fbe8616c243bfd3b9434baa09acb970986f3b62748e1f33
aarch64	httpd-tools-2.4.37-65.module_el8.10.0+4190+704ad79b.8.aarch64.rpm	e6fbe497d3795b80e4071640e63814d5f9000739a12d06f193446382c381e3f2
noarch	httpd-filesystem-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.noarch.rpm	63c091aa5ee7062f5e72f3231ae53c1ca12ed29e6a4c6cc66389bc77e3941451
noarch	httpd-manual-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.noarch.rpm	dfa8302abbbc38b9c262b97766ca86a2f91da5996375978f6b8726c34a892728
ppc64le	mod_ldap-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.ppc64le.rpm	4e653317268a21870cb56381314601da97b8b328901309c5deabbb9e3bd0c6e7
ppc64le	mod_session-2.4.37-65.module_el8.10.0+4190+704ad79b.8.ppc64le.rpm	5005bd0cec5a320a875c0d1b6951f92a1850eb458ab5f064772fb300c1ab8843
ppc64le	mod_http2-1.15.7-10.module_el8.10.0+4190+704ad79b.6.ppc64le.rpm	6f6dec630c0777925dadf0163cc9c9047776b86850a7229c7bafb2adc264720b
ppc64le	mod_ssl-2.4.37-65.module_el8.10.0+4190+704ad79b.8.ppc64le.rpm	7f23f6162b012b45517ff22d80fdfbba15445a39c3956c3c19ee3d95d2802073
ppc64le	mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.ppc64le.rpm	ac86f2bf2070a4ae5307d7aa7c99e85dcd02bc0d293c25de3fb8d2a13263e338
ppc64le	mod_proxy_html-2.4.37-65.module_el8.10.0+4190+704ad79b.8.ppc64le.rpm	c04248ed939485a99c075c855b44b204a6a159ff2ab8bda941624e2a0c882125
ppc64le	httpd-devel-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.ppc64le.rpm	c3885a68bddfd6220b4885fdbfc028077317f6ec22c2da783ea2aad3e7f521a5
ppc64le	httpd-tools-2.4.37-65.module_el8.10.0+4190+704ad79b.8.ppc64le.rpm	cc3b3792a7615965939e0a24a1db8920a70345f61140a49512b9064f035685de
ppc64le	httpd-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.ppc64le.rpm	e3bc8dcefc2e3467eacdfdef8fe20af9b55e05a60247d92dd344e686993ac908
s390x	httpd-devel-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm	3b4d209ed4f225bf591ded9dc0066865dee37e4b12b1a24766220f539d019fe3
s390x	mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.s390x.rpm	51f08f5a2c2c9925c2d8acf5069e109f519302af55ab044dba7de03782591748
s390x	mod_proxy_html-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm	6adc6434a89ccfa89f334e15455786a73a2b0c708fb24528a8c6ee7aaa5cbda0
s390x	httpd-tools-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm	76c8ef271a4522a536053e702e49fd9c0ceb10f02fae92fbc2e3466038941595
s390x	httpd-2.4.37-65.module_el8.10.0+4190+704ad79b.8.s390x.rpm	8e863b880b04e4ab5b6a07812eec37620843277a997cdc35b9b06a1a1e5f8c5b
s390x	mod_ldap-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm	c282deb0935dfcd4ce2c2d3604483855e0f24c24822c720a583a258a5b77f9f6
s390x	mod_http2-1.15.7-10.module_el8.10.0+4190+704ad79b.6.s390x.rpm	eaf0d1dcc6a29ce72e62a2612d7e238c4900249f01bf769b00f8ebb8e84a5c3b
s390x	mod_session-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.s390x.rpm	efc8d69ee706597d51028a0152eb0ffe5de3016b8be8cf80e57767f5b317988e
s390x	mod_ssl-2.4.37-65.module_el8.10.0+4190+704ad79b.8.s390x.rpm	f60bb577e2d48dcf2327ddbbe6d5bd6b8344ba34f964dbd7e4441b667295c864
x86_64	mod_md-2.0.8-8.module_el8.10.0+4088+57f011c1.2.x86_64.rpm	035593075bacc46bb0e52d950bb12cb5cc30744e23799cb27f1962d697ba7e9e
x86_64	mod_session-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm	10ece9182c94f4a35d1704f333fec248c3c702c0280d5e2cda990180df139dfa
x86_64	httpd-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm	598ffef471b025dcb13a908c9ae92ffd8747ddab29e3465f50e3473a7ed7f50e
x86_64	httpd-devel-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm	7e70a95affdb519f06689df2c45f09c1d74736f808a72f3e0d35292064100851
x86_64	mod_ldap-2.4.37-65.module_el8.10.0+4190+704ad79b.8.x86_64.rpm	868773d6bbe914eca86a632e7741e174dcfbe06b167a30b875e26fa756f4f12d
x86_64	httpd-tools-2.4.37-65.module_el8.10.0+4185+0955a0d7.8.x86_64.rpm	99f1cdde5fa17d970901e846a6685586274f12278546da6d9d386e3f10897c8a
x86_64	mod_proxy_html-2.4.37-65.module_el8.10.0+4190+704ad79b.8.x86_64.rpm	e6612f462f8315b53ce6f7866e5f988fca6a2649a0588a6c19f2e27be49ce8c5
x86_64	mod_ssl-2.4.37-65.module_el8.10.0+4190+704ad79b.8.x86_64.rpm	f84c763724ee2d77573b4ab2142b768ce708f2b117091a10031f0fc3813a3e1f
x86_64	mod_http2-1.15.7-10.module_el8.10.0+4190+704ad79b.6.x86_64.rpm	fb9634141b15240069061fe1ea6caf432a3fc4d3cf5297b4b1099b068efc6e4c

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.