Red Hat Product Errata RHSA-2024:8680 - Security Advisory
Issued:
2024-10-30
Updated:
2024-10-30

RHSA-2024:8680 - Security Advisory

Synopsis

Low: mod_http2 security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for mod_http2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.

Security Fix(es):

  • mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2295006 - CVE-2024-36387 mod_http2: DoS by null pointer in websocket over HTTP/2

Red Hat Enterprise Linux for x86_64 9

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
x86_64
mod_http2-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b9bd9503405dadb60cefa101527bfbd34d08d04cd1e676eaaf71a858f263434c
mod_http2-debuginfo-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: 7829f375a8544ccfc3cb1451e063b6ba74986a2be5b30327437a0443938dd6c9
mod_http2-debugsource-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b5d05305853879a67c62f7f63a6346d9fe947fde1f605ef5212d107e3eb850aa

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
x86_64
mod_http2-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b9bd9503405dadb60cefa101527bfbd34d08d04cd1e676eaaf71a858f263434c
mod_http2-debuginfo-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: 7829f375a8544ccfc3cb1451e063b6ba74986a2be5b30327437a0443938dd6c9
mod_http2-debugsource-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b5d05305853879a67c62f7f63a6346d9fe947fde1f605ef5212d107e3eb850aa

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
x86_64
mod_http2-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b9bd9503405dadb60cefa101527bfbd34d08d04cd1e676eaaf71a858f263434c
mod_http2-debuginfo-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: 7829f375a8544ccfc3cb1451e063b6ba74986a2be5b30327437a0443938dd6c9
mod_http2-debugsource-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b5d05305853879a67c62f7f63a6346d9fe947fde1f605ef5212d107e3eb850aa

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
x86_64
mod_http2-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b9bd9503405dadb60cefa101527bfbd34d08d04cd1e676eaaf71a858f263434c
mod_http2-debuginfo-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: 7829f375a8544ccfc3cb1451e063b6ba74986a2be5b30327437a0443938dd6c9
mod_http2-debugsource-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b5d05305853879a67c62f7f63a6346d9fe947fde1f605ef5212d107e3eb850aa

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
x86_64
mod_http2-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b9bd9503405dadb60cefa101527bfbd34d08d04cd1e676eaaf71a858f263434c
mod_http2-debuginfo-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: 7829f375a8544ccfc3cb1451e063b6ba74986a2be5b30327437a0443938dd6c9
mod_http2-debugsource-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b5d05305853879a67c62f7f63a6346d9fe947fde1f605ef5212d107e3eb850aa

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
s390x
mod_http2-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 27415783a00368400889cdd18502c0c8be575c8f144cb542f1ee752c2c32eafe
mod_http2-debuginfo-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 69f629b26188ceaaa0830566cad9f1cb2bf201ebe8336e133e158914bcff1675
mod_http2-debugsource-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 56a9e4a14d330baa5cdba90ea19582bd3f753b104985cc0275a1a229a8d54d3f

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
s390x
mod_http2-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 27415783a00368400889cdd18502c0c8be575c8f144cb542f1ee752c2c32eafe
mod_http2-debuginfo-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 69f629b26188ceaaa0830566cad9f1cb2bf201ebe8336e133e158914bcff1675
mod_http2-debugsource-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 56a9e4a14d330baa5cdba90ea19582bd3f753b104985cc0275a1a229a8d54d3f

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
s390x
mod_http2-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 27415783a00368400889cdd18502c0c8be575c8f144cb542f1ee752c2c32eafe
mod_http2-debuginfo-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 69f629b26188ceaaa0830566cad9f1cb2bf201ebe8336e133e158914bcff1675
mod_http2-debugsource-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 56a9e4a14d330baa5cdba90ea19582bd3f753b104985cc0275a1a229a8d54d3f

Red Hat Enterprise Linux for Power, little endian 9

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
ppc64le
mod_http2-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: e421d147b245cfe89b5fe3b8069a3a6439d29e685bdd9e64da7f51810075ec9c
mod_http2-debuginfo-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: 5f096ef42f84e828bc9c3cc90eee95c3d78ee422ff759f1ec6c819a201644557
mod_http2-debugsource-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: d2a8765a3e91a06fd14a138680d8e7325e80faa6aa00e2e03e90e99e9cce2c01

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
ppc64le
mod_http2-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: e421d147b245cfe89b5fe3b8069a3a6439d29e685bdd9e64da7f51810075ec9c
mod_http2-debuginfo-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: 5f096ef42f84e828bc9c3cc90eee95c3d78ee422ff759f1ec6c819a201644557
mod_http2-debugsource-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: d2a8765a3e91a06fd14a138680d8e7325e80faa6aa00e2e03e90e99e9cce2c01

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
ppc64le
mod_http2-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: e421d147b245cfe89b5fe3b8069a3a6439d29e685bdd9e64da7f51810075ec9c
mod_http2-debuginfo-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: 5f096ef42f84e828bc9c3cc90eee95c3d78ee422ff759f1ec6c819a201644557
mod_http2-debugsource-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: d2a8765a3e91a06fd14a138680d8e7325e80faa6aa00e2e03e90e99e9cce2c01

Red Hat Enterprise Linux for ARM 64 9

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
aarch64
mod_http2-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 9e348b22afa7c41b1750e6542149012bca338780a26eb9a9d68159edfa403a96
mod_http2-debuginfo-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 1f9a5d49d3021942966ad19c41d1ff34e47d454cd97fa9bf964a3f56f76f5f12
mod_http2-debugsource-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 5eb9ec95dac9e2639bb38a3228a95b0f0bafadb7ef1a243039e0eb53e896df1f

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
aarch64
mod_http2-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 9e348b22afa7c41b1750e6542149012bca338780a26eb9a9d68159edfa403a96
mod_http2-debuginfo-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 1f9a5d49d3021942966ad19c41d1ff34e47d454cd97fa9bf964a3f56f76f5f12
mod_http2-debugsource-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 5eb9ec95dac9e2639bb38a3228a95b0f0bafadb7ef1a243039e0eb53e896df1f

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
aarch64
mod_http2-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 9e348b22afa7c41b1750e6542149012bca338780a26eb9a9d68159edfa403a96
mod_http2-debuginfo-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 1f9a5d49d3021942966ad19c41d1ff34e47d454cd97fa9bf964a3f56f76f5f12
mod_http2-debugsource-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 5eb9ec95dac9e2639bb38a3228a95b0f0bafadb7ef1a243039e0eb53e896df1f

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
ppc64le
mod_http2-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: e421d147b245cfe89b5fe3b8069a3a6439d29e685bdd9e64da7f51810075ec9c
mod_http2-debuginfo-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: 5f096ef42f84e828bc9c3cc90eee95c3d78ee422ff759f1ec6c819a201644557
mod_http2-debugsource-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: d2a8765a3e91a06fd14a138680d8e7325e80faa6aa00e2e03e90e99e9cce2c01

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
ppc64le
mod_http2-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: e421d147b245cfe89b5fe3b8069a3a6439d29e685bdd9e64da7f51810075ec9c
mod_http2-debuginfo-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: 5f096ef42f84e828bc9c3cc90eee95c3d78ee422ff759f1ec6c819a201644557
mod_http2-debugsource-2.0.26-2.el9_4.1.ppc64le.rpm SHA-256: d2a8765a3e91a06fd14a138680d8e7325e80faa6aa00e2e03e90e99e9cce2c01

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
x86_64
mod_http2-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b9bd9503405dadb60cefa101527bfbd34d08d04cd1e676eaaf71a858f263434c
mod_http2-debuginfo-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: 7829f375a8544ccfc3cb1451e063b6ba74986a2be5b30327437a0443938dd6c9
mod_http2-debugsource-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b5d05305853879a67c62f7f63a6346d9fe947fde1f605ef5212d107e3eb850aa

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
x86_64
mod_http2-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b9bd9503405dadb60cefa101527bfbd34d08d04cd1e676eaaf71a858f263434c
mod_http2-debuginfo-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: 7829f375a8544ccfc3cb1451e063b6ba74986a2be5b30327437a0443938dd6c9
mod_http2-debugsource-2.0.26-2.el9_4.1.x86_64.rpm SHA-256: b5d05305853879a67c62f7f63a6346d9fe947fde1f605ef5212d107e3eb850aa

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
aarch64
mod_http2-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 9e348b22afa7c41b1750e6542149012bca338780a26eb9a9d68159edfa403a96
mod_http2-debuginfo-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 1f9a5d49d3021942966ad19c41d1ff34e47d454cd97fa9bf964a3f56f76f5f12
mod_http2-debugsource-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 5eb9ec95dac9e2639bb38a3228a95b0f0bafadb7ef1a243039e0eb53e896df1f

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
aarch64
mod_http2-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 9e348b22afa7c41b1750e6542149012bca338780a26eb9a9d68159edfa403a96
mod_http2-debuginfo-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 1f9a5d49d3021942966ad19c41d1ff34e47d454cd97fa9bf964a3f56f76f5f12
mod_http2-debugsource-2.0.26-2.el9_4.1.aarch64.rpm SHA-256: 5eb9ec95dac9e2639bb38a3228a95b0f0bafadb7ef1a243039e0eb53e896df1f

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
s390x
mod_http2-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 27415783a00368400889cdd18502c0c8be575c8f144cb542f1ee752c2c32eafe
mod_http2-debuginfo-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 69f629b26188ceaaa0830566cad9f1cb2bf201ebe8336e133e158914bcff1675
mod_http2-debugsource-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 56a9e4a14d330baa5cdba90ea19582bd3f753b104985cc0275a1a229a8d54d3f

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
mod_http2-2.0.26-2.el9_4.1.src.rpm SHA-256: 84ade4f5903035d50f4a2c85e5ea5e168668ced889d451f8c719c92045030891
s390x
mod_http2-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 27415783a00368400889cdd18502c0c8be575c8f144cb542f1ee752c2c32eafe
mod_http2-debuginfo-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 69f629b26188ceaaa0830566cad9f1cb2bf201ebe8336e133e158914bcff1675
mod_http2-debugsource-2.0.26-2.el9_4.1.s390x.rpm SHA-256: 56a9e4a14d330baa5cdba90ea19582bd3f753b104985cc0275a1a229a8d54d3f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.