[ALSA-2024:2368] Moderate: mod_http2 security update
Type:
security
Severity:
moderate
Release date:
2024-05-07
Description:
The mod_http2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd: mod_http2: DoS in HTTP/2 with initial window size 0 (CVE-2023-43622) * mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_http2-2.0.26-1.el9.aarch64.rpm 671dde3251a224c0321f84b8b3f45428d7f1d6ea1803211efe4305fdda254432
ppc64le mod_http2-2.0.26-1.el9.ppc64le.rpm 48ab6d79c01b6880d205b17345fe94b82642b200d3654b71e6f73f9f6c16853c
s390x mod_http2-2.0.26-1.el9.s390x.rpm edddcc9b8fcc5e1a318b3136aa8f784ba1aade9452cb270b086be95a68df9953
x86_64 mod_http2-2.0.26-1.el9.x86_64.rpm c332582cc39eaf28cdbf2a5021def1a1dcb76c20d0b299082ed92cba7a2b3dec
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.