[ALSA-2026:30844] Moderate: mod_md security update
Type:
security
Severity:
moderate
Release date:
2026-06-30
Description:
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fix(es): * httpd: mod_md: unrestricted OCSP response leads to resource exhaustion (CVE-2026-29168) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 mod_md-2.4.26-2.el9_8.1.aarch64.rpm 34af1fc770f569c4c0e3fddc48fb46a4ff14ba025ba51450a9c0bd9a529b41cc
ppc64le mod_md-2.4.26-2.el9_8.1.ppc64le.rpm 9301afd8ad52ac1e330b09231bc0eb5c490d4e7edb1308e30873f22d8f4eaa1d
s390x mod_md-2.4.26-2.el9_8.1.s390x.rpm 148a8933792eeaa2165fef87cad431ac94aec387725ddc44ad1846fd529f720f
x86_64 mod_md-2.4.26-2.el9_8.1.x86_64.rpm e900debba01ec0223c172a239a036313d49e0bf036e9bff3f1d5585ef493d94b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.