ALSA-2026:25057

[ALSA-2026:25057] Important: mod_http2 security update

Type:

security

Severity:

important

Release date:

2026-06-11

Description:

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.  

Security Fix(es):  

  * httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	mod_http2-2.0.26-6.el9_8.1.aarch64.rpm	34834eddd6a505411726ae2c6fcc7d67b4cb6107c81cc7bc47755daece8ee85d
ppc64le	mod_http2-2.0.26-6.el9_8.1.ppc64le.rpm	a9ef1e6483ddaf7ac74cbbffa582c44324ec7bc596c2c69a5543b7db99497b00
s390x	mod_http2-2.0.26-6.el9_8.1.s390x.rpm	833d5f7cf871602d1015e93396a8ec12e5f96307c7d02e6ee101a70a3d7c1628
x86_64	mod_http2-2.0.26-6.el9_8.1.x86_64.rpm	f093097a0de4ddf6ed83b60956fbc66096d72671c49970024ffa235a7306df15

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.