Synopsis
Moderate: mod_http2 security update
Type/Severity
Security Advisory: Moderate
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for mod_http2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Security Fix(es):
- httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
-
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
-
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
-
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
-
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
-
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x
Fixes
-
BZ - 2374578
- CVE-2025-49630 httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| x86_64 |
|
mod_http2-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: bbfada7247e9baee82f0675a47a9c479f1c6e981d3e2a86e49b62d447412448e |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: 4a739b39680511aea08198d73575fc8e988f87c8d78f10d07ca5552d8c9c7952 |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: e4fae0ecc3daf1cc148da3dbbe5101bffe8deff87fadcdf4ee588326f387735f |
Red Hat Enterprise Linux Server - AUS 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| x86_64 |
|
mod_http2-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: bbfada7247e9baee82f0675a47a9c479f1c6e981d3e2a86e49b62d447412448e |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: 4a739b39680511aea08198d73575fc8e988f87c8d78f10d07ca5552d8c9c7952 |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: e4fae0ecc3daf1cc148da3dbbe5101bffe8deff87fadcdf4ee588326f387735f |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| s390x |
|
mod_http2-2.0.26-2.el9_4.2.s390x.rpm
|
SHA-256: 7445e839934d0160c6369a1544afcbe59aedaff778523d990174c0eb58d3be0f |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.s390x.rpm
|
SHA-256: 24d339e5db512ea96da7de98936063abd6d3f85387e18a565f16213c1dacea6c |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.s390x.rpm
|
SHA-256: f9be230f3f11a35cd0478799881cb2e804c8cf0060c81d2a11d4540a1a1f741e |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| ppc64le |
|
mod_http2-2.0.26-2.el9_4.2.ppc64le.rpm
|
SHA-256: b149eed6c56df5f3fae0530de10e6fab9e8fd5fffd3c6805a7cb0a541467d16d |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.ppc64le.rpm
|
SHA-256: 42996277bb553c1af9d75fc73c320153ffbf1c18db657d0ed0cdaad61f89810c |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.ppc64le.rpm
|
SHA-256: 4eba51155fe82bda04ce3805ef35e395f208f56b3755ce23654af3d4c7ce2243 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| aarch64 |
|
mod_http2-2.0.26-2.el9_4.2.aarch64.rpm
|
SHA-256: 965eeecee2a85300ca381680ebd7f0cbca873277d0e86a624302f50359ea189d |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.aarch64.rpm
|
SHA-256: de88782bbc72138b0e45027384ccbdcf5f9721ef2f8fed0d88340a17392d658f |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.aarch64.rpm
|
SHA-256: bd2dcb956815441d63e9c9d2f010b9d2f47ed5b3774af40af852af95e67703c4 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| ppc64le |
|
mod_http2-2.0.26-2.el9_4.2.ppc64le.rpm
|
SHA-256: b149eed6c56df5f3fae0530de10e6fab9e8fd5fffd3c6805a7cb0a541467d16d |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.ppc64le.rpm
|
SHA-256: 42996277bb553c1af9d75fc73c320153ffbf1c18db657d0ed0cdaad61f89810c |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.ppc64le.rpm
|
SHA-256: 4eba51155fe82bda04ce3805ef35e395f208f56b3755ce23654af3d4c7ce2243 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| x86_64 |
|
mod_http2-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: bbfada7247e9baee82f0675a47a9c479f1c6e981d3e2a86e49b62d447412448e |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: 4a739b39680511aea08198d73575fc8e988f87c8d78f10d07ca5552d8c9c7952 |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: e4fae0ecc3daf1cc148da3dbbe5101bffe8deff87fadcdf4ee588326f387735f |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| aarch64 |
|
mod_http2-2.0.26-2.el9_4.2.aarch64.rpm
|
SHA-256: 965eeecee2a85300ca381680ebd7f0cbca873277d0e86a624302f50359ea189d |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.aarch64.rpm
|
SHA-256: de88782bbc72138b0e45027384ccbdcf5f9721ef2f8fed0d88340a17392d658f |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.aarch64.rpm
|
SHA-256: bd2dcb956815441d63e9c9d2f010b9d2f47ed5b3774af40af852af95e67703c4 |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| s390x |
|
mod_http2-2.0.26-2.el9_4.2.s390x.rpm
|
SHA-256: 7445e839934d0160c6369a1544afcbe59aedaff778523d990174c0eb58d3be0f |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.s390x.rpm
|
SHA-256: 24d339e5db512ea96da7de98936063abd6d3f85387e18a565f16213c1dacea6c |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.s390x.rpm
|
SHA-256: f9be230f3f11a35cd0478799881cb2e804c8cf0060c81d2a11d4540a1a1f741e |
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| x86_64 |
|
mod_http2-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: bbfada7247e9baee82f0675a47a9c479f1c6e981d3e2a86e49b62d447412448e |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: 4a739b39680511aea08198d73575fc8e988f87c8d78f10d07ca5552d8c9c7952 |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.x86_64.rpm
|
SHA-256: e4fae0ecc3daf1cc148da3dbbe5101bffe8deff87fadcdf4ee588326f387735f |
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| aarch64 |
|
mod_http2-2.0.26-2.el9_4.2.aarch64.rpm
|
SHA-256: 965eeecee2a85300ca381680ebd7f0cbca873277d0e86a624302f50359ea189d |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.aarch64.rpm
|
SHA-256: de88782bbc72138b0e45027384ccbdcf5f9721ef2f8fed0d88340a17392d658f |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.aarch64.rpm
|
SHA-256: bd2dcb956815441d63e9c9d2f010b9d2f47ed5b3774af40af852af95e67703c4 |
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| ppc64le |
|
mod_http2-2.0.26-2.el9_4.2.ppc64le.rpm
|
SHA-256: b149eed6c56df5f3fae0530de10e6fab9e8fd5fffd3c6805a7cb0a541467d16d |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.ppc64le.rpm
|
SHA-256: 42996277bb553c1af9d75fc73c320153ffbf1c18db657d0ed0cdaad61f89810c |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.ppc64le.rpm
|
SHA-256: 4eba51155fe82bda04ce3805ef35e395f208f56b3755ce23654af3d4c7ce2243 |
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4
| SRPM |
|
mod_http2-2.0.26-2.el9_4.2.src.rpm
|
SHA-256: d1ef7b0faa4f9a16824500686c8461c0367f32ede34a466ab7160003b8aa2805 |
| s390x |
|
mod_http2-2.0.26-2.el9_4.2.s390x.rpm
|
SHA-256: 7445e839934d0160c6369a1544afcbe59aedaff778523d990174c0eb58d3be0f |
|
mod_http2-debuginfo-2.0.26-2.el9_4.2.s390x.rpm
|
SHA-256: 24d339e5db512ea96da7de98936063abd6d3f85387e18a565f16213c1dacea6c |
|
mod_http2-debugsource-2.0.26-2.el9_4.2.s390x.rpm
|
SHA-256: f9be230f3f11a35cd0478799881cb2e804c8cf0060c81d2a11d4540a1a1f741e |
