Synopsis
Moderate: mod_http2 security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for mod_http2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The mod_http2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Security Fix(es):
- httpd: mod_http2: DoS in HTTP/2 with initial window size 0 (CVE-2023-43622)
- mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
Affected Products
-
Red Hat Enterprise Linux for x86_64 9 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
-
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
-
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 9 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
-
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
-
Red Hat Enterprise Linux for ARM 64 9 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Fixes
-
BZ - 2243877
- CVE-2023-45802 mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)
-
BZ - 2245153
- CVE-2023-43622 httpd: mod_http2: DoS in HTTP/2 with initial window size 0
-
RHEL-14691
- RFE: mod_http2 rebase to 2.0.26
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 9
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| x86_64 |
|
mod_http2-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 5295db4c9bbf5787360c83280921e0031e9096237146344b3c9ae6ae03155a65 |
|
mod_http2-debuginfo-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 303f928ccd863e21bd07c73c44397aa5f84a53e45c6027c126cd29ab21f27d41 |
|
mod_http2-debugsource-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 591af31aa8616b7e5d7480d0cbea618dc24735921afd29006f7fb7d2bcddb224 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| x86_64 |
|
mod_http2-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 5295db4c9bbf5787360c83280921e0031e9096237146344b3c9ae6ae03155a65 |
|
mod_http2-debuginfo-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 303f928ccd863e21bd07c73c44397aa5f84a53e45c6027c126cd29ab21f27d41 |
|
mod_http2-debugsource-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 591af31aa8616b7e5d7480d0cbea618dc24735921afd29006f7fb7d2bcddb224 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| x86_64 |
|
mod_http2-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 5295db4c9bbf5787360c83280921e0031e9096237146344b3c9ae6ae03155a65 |
|
mod_http2-debuginfo-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 303f928ccd863e21bd07c73c44397aa5f84a53e45c6027c126cd29ab21f27d41 |
|
mod_http2-debugsource-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 591af31aa8616b7e5d7480d0cbea618dc24735921afd29006f7fb7d2bcddb224 |
Red Hat Enterprise Linux Server - AUS 9.6
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| x86_64 |
|
mod_http2-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 5295db4c9bbf5787360c83280921e0031e9096237146344b3c9ae6ae03155a65 |
|
mod_http2-debuginfo-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 303f928ccd863e21bd07c73c44397aa5f84a53e45c6027c126cd29ab21f27d41 |
|
mod_http2-debugsource-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 591af31aa8616b7e5d7480d0cbea618dc24735921afd29006f7fb7d2bcddb224 |
Red Hat Enterprise Linux Server - AUS 9.4
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| x86_64 |
|
mod_http2-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 5295db4c9bbf5787360c83280921e0031e9096237146344b3c9ae6ae03155a65 |
|
mod_http2-debuginfo-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 303f928ccd863e21bd07c73c44397aa5f84a53e45c6027c126cd29ab21f27d41 |
|
mod_http2-debugsource-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 591af31aa8616b7e5d7480d0cbea618dc24735921afd29006f7fb7d2bcddb224 |
Red Hat Enterprise Linux for IBM z Systems 9
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| s390x |
|
mod_http2-2.0.26-1.el9.s390x.rpm
|
SHA-256: 2b8823e856cb6014b8d075afa2c254dd2c95d4124580af1a4232c741ece34012 |
|
mod_http2-debuginfo-2.0.26-1.el9.s390x.rpm
|
SHA-256: 255136025cd9c49e637f49d6ed062dcb6d3bd0a348446d0d5fbf9b14cec969db |
|
mod_http2-debugsource-2.0.26-1.el9.s390x.rpm
|
SHA-256: 8c9f15501a9c303470ebbedcd73bb1cd94af7c59d1a025f370750a2afe81e8c9 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| s390x |
|
mod_http2-2.0.26-1.el9.s390x.rpm
|
SHA-256: 2b8823e856cb6014b8d075afa2c254dd2c95d4124580af1a4232c741ece34012 |
|
mod_http2-debuginfo-2.0.26-1.el9.s390x.rpm
|
SHA-256: 255136025cd9c49e637f49d6ed062dcb6d3bd0a348446d0d5fbf9b14cec969db |
|
mod_http2-debugsource-2.0.26-1.el9.s390x.rpm
|
SHA-256: 8c9f15501a9c303470ebbedcd73bb1cd94af7c59d1a025f370750a2afe81e8c9 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| s390x |
|
mod_http2-2.0.26-1.el9.s390x.rpm
|
SHA-256: 2b8823e856cb6014b8d075afa2c254dd2c95d4124580af1a4232c741ece34012 |
|
mod_http2-debuginfo-2.0.26-1.el9.s390x.rpm
|
SHA-256: 255136025cd9c49e637f49d6ed062dcb6d3bd0a348446d0d5fbf9b14cec969db |
|
mod_http2-debugsource-2.0.26-1.el9.s390x.rpm
|
SHA-256: 8c9f15501a9c303470ebbedcd73bb1cd94af7c59d1a025f370750a2afe81e8c9 |
Red Hat Enterprise Linux for Power, little endian 9
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| ppc64le |
|
mod_http2-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: 13aad88af1ec184a83b56374b27b1c1f201fe7fb268bc1d1f3375e844ad94277 |
|
mod_http2-debuginfo-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: ff685d84490c07117d97282f8a8a4af899eefb5704f0068c647c729c745c2991 |
|
mod_http2-debugsource-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: 5cfcd09d2c06b31219cbc8d3486cfa2a7d09fd706fcc88445261d39388dc1ce3 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| ppc64le |
|
mod_http2-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: 13aad88af1ec184a83b56374b27b1c1f201fe7fb268bc1d1f3375e844ad94277 |
|
mod_http2-debuginfo-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: ff685d84490c07117d97282f8a8a4af899eefb5704f0068c647c729c745c2991 |
|
mod_http2-debugsource-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: 5cfcd09d2c06b31219cbc8d3486cfa2a7d09fd706fcc88445261d39388dc1ce3 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| ppc64le |
|
mod_http2-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: 13aad88af1ec184a83b56374b27b1c1f201fe7fb268bc1d1f3375e844ad94277 |
|
mod_http2-debuginfo-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: ff685d84490c07117d97282f8a8a4af899eefb5704f0068c647c729c745c2991 |
|
mod_http2-debugsource-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: 5cfcd09d2c06b31219cbc8d3486cfa2a7d09fd706fcc88445261d39388dc1ce3 |
Red Hat Enterprise Linux for ARM 64 9
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| aarch64 |
|
mod_http2-2.0.26-1.el9.aarch64.rpm
|
SHA-256: 2db2449288ecec19c16a221d13e86bb619d379e298f431437b72c41f33dcdf8a |
|
mod_http2-debuginfo-2.0.26-1.el9.aarch64.rpm
|
SHA-256: e1e63d72a9585a942d8c5a2f6728ef20bc3b5f68c60c0e940579f41a6cda0ea6 |
|
mod_http2-debugsource-2.0.26-1.el9.aarch64.rpm
|
SHA-256: 577dd766c71ccef9d1fce04dfd2a1a3f60de6bce04ef062c7849af49a0a6afde |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| aarch64 |
|
mod_http2-2.0.26-1.el9.aarch64.rpm
|
SHA-256: 2db2449288ecec19c16a221d13e86bb619d379e298f431437b72c41f33dcdf8a |
|
mod_http2-debuginfo-2.0.26-1.el9.aarch64.rpm
|
SHA-256: e1e63d72a9585a942d8c5a2f6728ef20bc3b5f68c60c0e940579f41a6cda0ea6 |
|
mod_http2-debugsource-2.0.26-1.el9.aarch64.rpm
|
SHA-256: 577dd766c71ccef9d1fce04dfd2a1a3f60de6bce04ef062c7849af49a0a6afde |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| aarch64 |
|
mod_http2-2.0.26-1.el9.aarch64.rpm
|
SHA-256: 2db2449288ecec19c16a221d13e86bb619d379e298f431437b72c41f33dcdf8a |
|
mod_http2-debuginfo-2.0.26-1.el9.aarch64.rpm
|
SHA-256: e1e63d72a9585a942d8c5a2f6728ef20bc3b5f68c60c0e940579f41a6cda0ea6 |
|
mod_http2-debugsource-2.0.26-1.el9.aarch64.rpm
|
SHA-256: 577dd766c71ccef9d1fce04dfd2a1a3f60de6bce04ef062c7849af49a0a6afde |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| ppc64le |
|
mod_http2-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: 13aad88af1ec184a83b56374b27b1c1f201fe7fb268bc1d1f3375e844ad94277 |
|
mod_http2-debuginfo-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: ff685d84490c07117d97282f8a8a4af899eefb5704f0068c647c729c745c2991 |
|
mod_http2-debugsource-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: 5cfcd09d2c06b31219cbc8d3486cfa2a7d09fd706fcc88445261d39388dc1ce3 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| ppc64le |
|
mod_http2-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: 13aad88af1ec184a83b56374b27b1c1f201fe7fb268bc1d1f3375e844ad94277 |
|
mod_http2-debuginfo-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: ff685d84490c07117d97282f8a8a4af899eefb5704f0068c647c729c745c2991 |
|
mod_http2-debugsource-2.0.26-1.el9.ppc64le.rpm
|
SHA-256: 5cfcd09d2c06b31219cbc8d3486cfa2a7d09fd706fcc88445261d39388dc1ce3 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| x86_64 |
|
mod_http2-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 5295db4c9bbf5787360c83280921e0031e9096237146344b3c9ae6ae03155a65 |
|
mod_http2-debuginfo-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 303f928ccd863e21bd07c73c44397aa5f84a53e45c6027c126cd29ab21f27d41 |
|
mod_http2-debugsource-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 591af31aa8616b7e5d7480d0cbea618dc24735921afd29006f7fb7d2bcddb224 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| x86_64 |
|
mod_http2-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 5295db4c9bbf5787360c83280921e0031e9096237146344b3c9ae6ae03155a65 |
|
mod_http2-debuginfo-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 303f928ccd863e21bd07c73c44397aa5f84a53e45c6027c126cd29ab21f27d41 |
|
mod_http2-debugsource-2.0.26-1.el9.x86_64.rpm
|
SHA-256: 591af31aa8616b7e5d7480d0cbea618dc24735921afd29006f7fb7d2bcddb224 |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| aarch64 |
|
mod_http2-2.0.26-1.el9.aarch64.rpm
|
SHA-256: 2db2449288ecec19c16a221d13e86bb619d379e298f431437b72c41f33dcdf8a |
|
mod_http2-debuginfo-2.0.26-1.el9.aarch64.rpm
|
SHA-256: e1e63d72a9585a942d8c5a2f6728ef20bc3b5f68c60c0e940579f41a6cda0ea6 |
|
mod_http2-debugsource-2.0.26-1.el9.aarch64.rpm
|
SHA-256: 577dd766c71ccef9d1fce04dfd2a1a3f60de6bce04ef062c7849af49a0a6afde |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| aarch64 |
|
mod_http2-2.0.26-1.el9.aarch64.rpm
|
SHA-256: 2db2449288ecec19c16a221d13e86bb619d379e298f431437b72c41f33dcdf8a |
|
mod_http2-debuginfo-2.0.26-1.el9.aarch64.rpm
|
SHA-256: e1e63d72a9585a942d8c5a2f6728ef20bc3b5f68c60c0e940579f41a6cda0ea6 |
|
mod_http2-debugsource-2.0.26-1.el9.aarch64.rpm
|
SHA-256: 577dd766c71ccef9d1fce04dfd2a1a3f60de6bce04ef062c7849af49a0a6afde |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| s390x |
|
mod_http2-2.0.26-1.el9.s390x.rpm
|
SHA-256: 2b8823e856cb6014b8d075afa2c254dd2c95d4124580af1a4232c741ece34012 |
|
mod_http2-debuginfo-2.0.26-1.el9.s390x.rpm
|
SHA-256: 255136025cd9c49e637f49d6ed062dcb6d3bd0a348446d0d5fbf9b14cec969db |
|
mod_http2-debugsource-2.0.26-1.el9.s390x.rpm
|
SHA-256: 8c9f15501a9c303470ebbedcd73bb1cd94af7c59d1a025f370750a2afe81e8c9 |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4
| SRPM |
|
mod_http2-2.0.26-1.el9.src.rpm
|
SHA-256: 788c6bcd7fcbf533590e3388dcbbf76350f6cb97bc0dba0dfb0cd84c4873676f |
| s390x |
|
mod_http2-2.0.26-1.el9.s390x.rpm
|
SHA-256: 2b8823e856cb6014b8d075afa2c254dd2c95d4124580af1a4232c741ece34012 |
|
mod_http2-debuginfo-2.0.26-1.el9.s390x.rpm
|
SHA-256: 255136025cd9c49e637f49d6ed062dcb6d3bd0a348446d0d5fbf9b14cec969db |
|
mod_http2-debugsource-2.0.26-1.el9.s390x.rpm
|
SHA-256: 8c9f15501a9c303470ebbedcd73bb1cd94af7c59d1a025f370750a2afe81e8c9 |
