ALSA-2025:14983

[ALSA-2025:14983] Moderate: mod_http2 security update

Type:

security

Severity:

moderate

Release date:

2025-09-02

Description:

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.  

Security Fix(es):  

  * httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_http2-2.0.26-4.el9_6.1.aarch64.rpm	c98cd4899f2682a516636714cd2461b2d7479345833ce8016f41bdda58a2aeb2
ppc64le	mod_http2-2.0.26-4.el9_6.1.ppc64le.rpm	0f262e1324c61799c470161cb12c71cfeced73fab3a97aba2ceea9338b1ed58f
s390x	mod_http2-2.0.26-4.el9_6.1.s390x.rpm	0404f83a056b857d681ca9e1d540044bc92200388f4f43b1305f919a86141830
x86_64	mod_http2-2.0.26-4.el9_6.1.x86_64.rpm	e9c73bef32bc2f27832e7bd3850632fff6ef32abdb9add61ffc109c85bae5642

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.