Red Hat Product Errata RHSA-2024:3402 - Security Advisory
Issued:
2024-05-28
Updated:
2024-05-28

RHSA-2024:3402 - Security Advisory

Synopsis

Moderate: mod_http2 security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_http2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.

Security Fix(es):

  • httpd: CONTINUATION frames DoS (CVE-2024-27316,VU#421644.4)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x

Fixes

  • BZ - 2268277 - CVE-2024-27316 httpd: CONTINUATION frames DoS

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
x86_64
mod_http2-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 40490907726f36daf3a74cda6de8f9f6bb9d441737f60e74f577811fb33c49aa
mod_http2-debuginfo-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 578823b0062c0b201a70819edc4da00f252011ce773c7306b71eea10d605eac1
mod_http2-debugsource-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 9d210fd9949349afcaf0dc38f78ee281d5d8f310cd2ae3853bb7fb810202f17b

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
x86_64
mod_http2-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 40490907726f36daf3a74cda6de8f9f6bb9d441737f60e74f577811fb33c49aa
mod_http2-debuginfo-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 578823b0062c0b201a70819edc4da00f252011ce773c7306b71eea10d605eac1
mod_http2-debugsource-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 9d210fd9949349afcaf0dc38f78ee281d5d8f310cd2ae3853bb7fb810202f17b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
s390x
mod_http2-1.15.19-4.el9_2.6.s390x.rpm SHA-256: 6d3080636b3366fd631eed841ea3a94543d531c0d2784bc43d27b294dd1c0338
mod_http2-debuginfo-1.15.19-4.el9_2.6.s390x.rpm SHA-256: 9eb85898b4a8243b01344563a28f7c7a13443374d1c54bda839040fcd7f46f27
mod_http2-debugsource-1.15.19-4.el9_2.6.s390x.rpm SHA-256: ae8a016876ffe61b3d0f6fbc46032fa0b8e678389672cb67910937a18b453b5c

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
ppc64le
mod_http2-1.15.19-4.el9_2.6.ppc64le.rpm SHA-256: fd7d6645a6b024ab230debacec1c76323925f193da0c5bc9ba32c2146c9163b9
mod_http2-debuginfo-1.15.19-4.el9_2.6.ppc64le.rpm SHA-256: 6279f98d3418a04e7c2eceffedc332676860c3b8de11c49a4828a068ae0a3f4f
mod_http2-debugsource-1.15.19-4.el9_2.6.ppc64le.rpm SHA-256: 842363dafeaad692a2757a00701f7b64d12feb07268bf70d0745d5cfaffce0a5

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
aarch64
mod_http2-1.15.19-4.el9_2.6.aarch64.rpm SHA-256: 70029eda4315336fdf191b6d86c84ff3ec5c406e3be10b7bb73917466a3a0c45
mod_http2-debuginfo-1.15.19-4.el9_2.6.aarch64.rpm SHA-256: 727db3e976f1b994e123c4b45bfde537b033016c0aa68691c1d275a30031ede9
mod_http2-debugsource-1.15.19-4.el9_2.6.aarch64.rpm SHA-256: 3079d3587dfbbec01dbfa55a0dd561ad830f709f427bc059777341d7b4b6a8bb

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
ppc64le
mod_http2-1.15.19-4.el9_2.6.ppc64le.rpm SHA-256: fd7d6645a6b024ab230debacec1c76323925f193da0c5bc9ba32c2146c9163b9
mod_http2-debuginfo-1.15.19-4.el9_2.6.ppc64le.rpm SHA-256: 6279f98d3418a04e7c2eceffedc332676860c3b8de11c49a4828a068ae0a3f4f
mod_http2-debugsource-1.15.19-4.el9_2.6.ppc64le.rpm SHA-256: 842363dafeaad692a2757a00701f7b64d12feb07268bf70d0745d5cfaffce0a5

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
x86_64
mod_http2-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 40490907726f36daf3a74cda6de8f9f6bb9d441737f60e74f577811fb33c49aa
mod_http2-debuginfo-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 578823b0062c0b201a70819edc4da00f252011ce773c7306b71eea10d605eac1
mod_http2-debugsource-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 9d210fd9949349afcaf0dc38f78ee281d5d8f310cd2ae3853bb7fb810202f17b

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
aarch64
mod_http2-1.15.19-4.el9_2.6.aarch64.rpm SHA-256: 70029eda4315336fdf191b6d86c84ff3ec5c406e3be10b7bb73917466a3a0c45
mod_http2-debuginfo-1.15.19-4.el9_2.6.aarch64.rpm SHA-256: 727db3e976f1b994e123c4b45bfde537b033016c0aa68691c1d275a30031ede9
mod_http2-debugsource-1.15.19-4.el9_2.6.aarch64.rpm SHA-256: 3079d3587dfbbec01dbfa55a0dd561ad830f709f427bc059777341d7b4b6a8bb

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
s390x
mod_http2-1.15.19-4.el9_2.6.s390x.rpm SHA-256: 6d3080636b3366fd631eed841ea3a94543d531c0d2784bc43d27b294dd1c0338
mod_http2-debuginfo-1.15.19-4.el9_2.6.s390x.rpm SHA-256: 9eb85898b4a8243b01344563a28f7c7a13443374d1c54bda839040fcd7f46f27
mod_http2-debugsource-1.15.19-4.el9_2.6.s390x.rpm SHA-256: ae8a016876ffe61b3d0f6fbc46032fa0b8e678389672cb67910937a18b453b5c

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
x86_64
mod_http2-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 40490907726f36daf3a74cda6de8f9f6bb9d441737f60e74f577811fb33c49aa
mod_http2-debuginfo-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 578823b0062c0b201a70819edc4da00f252011ce773c7306b71eea10d605eac1
mod_http2-debugsource-1.15.19-4.el9_2.6.x86_64.rpm SHA-256: 9d210fd9949349afcaf0dc38f78ee281d5d8f310cd2ae3853bb7fb810202f17b

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
aarch64
mod_http2-1.15.19-4.el9_2.6.aarch64.rpm SHA-256: 70029eda4315336fdf191b6d86c84ff3ec5c406e3be10b7bb73917466a3a0c45
mod_http2-debuginfo-1.15.19-4.el9_2.6.aarch64.rpm SHA-256: 727db3e976f1b994e123c4b45bfde537b033016c0aa68691c1d275a30031ede9
mod_http2-debugsource-1.15.19-4.el9_2.6.aarch64.rpm SHA-256: 3079d3587dfbbec01dbfa55a0dd561ad830f709f427bc059777341d7b4b6a8bb

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
ppc64le
mod_http2-1.15.19-4.el9_2.6.ppc64le.rpm SHA-256: fd7d6645a6b024ab230debacec1c76323925f193da0c5bc9ba32c2146c9163b9
mod_http2-debuginfo-1.15.19-4.el9_2.6.ppc64le.rpm SHA-256: 6279f98d3418a04e7c2eceffedc332676860c3b8de11c49a4828a068ae0a3f4f
mod_http2-debugsource-1.15.19-4.el9_2.6.ppc64le.rpm SHA-256: 842363dafeaad692a2757a00701f7b64d12feb07268bf70d0745d5cfaffce0a5

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2

SRPM
mod_http2-1.15.19-4.el9_2.6.src.rpm SHA-256: aa4510cf90b49d030f8364579a59a25b7d01c3f6b8c9c8d6e89ddb2fdf19aa1b
s390x
mod_http2-1.15.19-4.el9_2.6.s390x.rpm SHA-256: 6d3080636b3366fd631eed841ea3a94543d531c0d2784bc43d27b294dd1c0338
mod_http2-debuginfo-1.15.19-4.el9_2.6.s390x.rpm SHA-256: 9eb85898b4a8243b01344563a28f7c7a13443374d1c54bda839040fcd7f46f27
mod_http2-debugsource-1.15.19-4.el9_2.6.s390x.rpm SHA-256: ae8a016876ffe61b3d0f6fbc46032fa0b8e678389672cb67910937a18b453b5c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.