[ALSA-2024:8680] Low: mod_http2 security update
Type:
security
Severity:
low
Release date:
2024-10-31
Description:
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_http2-2.0.26-2.el9_4.1.aarch64.rpm 878ba4a1e4850ef8bb27237e84de0223afe0a1f9faaa1cbc5cbaca68ae8e67ce
ppc64le mod_http2-2.0.26-2.el9_4.1.ppc64le.rpm 7d538c088c198c3dbe0bbd942c2392134524d39d10bac8aabd229c61c1b5bd80
s390x mod_http2-2.0.26-2.el9_4.1.s390x.rpm 6e7aa13aa204be5b2ffd2adf926ee99c2e499a706c57f1410992e694d1cc8611
x86_64 mod_http2-2.0.26-2.el9_4.1.x86_64.rpm 8d90f80731bd39f7fa90b0b3731d3f78222c9ce3c097e987ff813f9b4ff2aaca
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.