Synopsis
Moderate: mod_http2 security update
Type/Severity
Security Advisory: Moderate
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for mod_http2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Security Fix(es):
- httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
-
Red Hat Enterprise Linux for x86_64 9 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 9 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
-
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
-
Red Hat Enterprise Linux for ARM 64 9 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
-
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
-
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
-
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x
Fixes
-
BZ - 2379343
- CVE-2025-53020 mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 9
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| x86_64 |
|
mod_http2-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: 7b9da0a6138f1f7f2bf57f2daf7aaa2cb03dd2bc0e74870f65c32157073a99c7 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: 38d14dce59e8db935c4747c91cebf7256dd1bb4446140a945f2780d10000e5e4 |
|
mod_http2-debugsource-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: c17630c9826b86609c4cf7defec60f79312b0f4911e369f8f1edd4da0ec0807d |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| x86_64 |
|
mod_http2-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: 7b9da0a6138f1f7f2bf57f2daf7aaa2cb03dd2bc0e74870f65c32157073a99c7 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: 38d14dce59e8db935c4747c91cebf7256dd1bb4446140a945f2780d10000e5e4 |
|
mod_http2-debugsource-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: c17630c9826b86609c4cf7defec60f79312b0f4911e369f8f1edd4da0ec0807d |
Red Hat Enterprise Linux for IBM z Systems 9
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| s390x |
|
mod_http2-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 53496d3598da207b1c49f2466a7bbe63a1e5c5b47e526e8fd9d4556953f9d4a8 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 4ee697f301f651353eb4f32cda3f978911955117ff526df685cbaf9f50a06605 |
|
mod_http2-debugsource-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 3eedc82338bfe673620b3a5fd03aa898f10886019b22a4a403139da09504f4dc |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| s390x |
|
mod_http2-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 53496d3598da207b1c49f2466a7bbe63a1e5c5b47e526e8fd9d4556953f9d4a8 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 4ee697f301f651353eb4f32cda3f978911955117ff526df685cbaf9f50a06605 |
|
mod_http2-debugsource-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 3eedc82338bfe673620b3a5fd03aa898f10886019b22a4a403139da09504f4dc |
Red Hat Enterprise Linux for Power, little endian 9
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| ppc64le |
|
mod_http2-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 7f10fdda0b86a6a9f7b88fd134a973e64a1b546927280e7c77756b0f7e3d3e5b |
|
mod_http2-debuginfo-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 848361c504af68794bc60baccfbe5370200327cee01ad1f1ff325e082f0a16a8 |
|
mod_http2-debugsource-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 6da47f94e5cfda3ca3a1712f60afb676333970ad86df813915f24c766c4a4f61 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| ppc64le |
|
mod_http2-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 7f10fdda0b86a6a9f7b88fd134a973e64a1b546927280e7c77756b0f7e3d3e5b |
|
mod_http2-debuginfo-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 848361c504af68794bc60baccfbe5370200327cee01ad1f1ff325e082f0a16a8 |
|
mod_http2-debugsource-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 6da47f94e5cfda3ca3a1712f60afb676333970ad86df813915f24c766c4a4f61 |
Red Hat Enterprise Linux for ARM 64 9
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| aarch64 |
|
mod_http2-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: ea5866eb3812e4d18758d1615bc202199732795dc9e9be264a728ac171feae75 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: 4721626754777ba739c958c1f66e6231244c9ebf00bf0bb6213ca16f148437d6 |
|
mod_http2-debugsource-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: ed8eef56e59e2005da8985dbb649feb82f9aada7767dee3f514b8f905de4a920 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| aarch64 |
|
mod_http2-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: ea5866eb3812e4d18758d1615bc202199732795dc9e9be264a728ac171feae75 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: 4721626754777ba739c958c1f66e6231244c9ebf00bf0bb6213ca16f148437d6 |
|
mod_http2-debugsource-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: ed8eef56e59e2005da8985dbb649feb82f9aada7767dee3f514b8f905de4a920 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| ppc64le |
|
mod_http2-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 7f10fdda0b86a6a9f7b88fd134a973e64a1b546927280e7c77756b0f7e3d3e5b |
|
mod_http2-debuginfo-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 848361c504af68794bc60baccfbe5370200327cee01ad1f1ff325e082f0a16a8 |
|
mod_http2-debugsource-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 6da47f94e5cfda3ca3a1712f60afb676333970ad86df813915f24c766c4a4f61 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| x86_64 |
|
mod_http2-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: 7b9da0a6138f1f7f2bf57f2daf7aaa2cb03dd2bc0e74870f65c32157073a99c7 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: 38d14dce59e8db935c4747c91cebf7256dd1bb4446140a945f2780d10000e5e4 |
|
mod_http2-debugsource-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: c17630c9826b86609c4cf7defec60f79312b0f4911e369f8f1edd4da0ec0807d |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| aarch64 |
|
mod_http2-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: ea5866eb3812e4d18758d1615bc202199732795dc9e9be264a728ac171feae75 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: 4721626754777ba739c958c1f66e6231244c9ebf00bf0bb6213ca16f148437d6 |
|
mod_http2-debugsource-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: ed8eef56e59e2005da8985dbb649feb82f9aada7767dee3f514b8f905de4a920 |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| s390x |
|
mod_http2-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 53496d3598da207b1c49f2466a7bbe63a1e5c5b47e526e8fd9d4556953f9d4a8 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 4ee697f301f651353eb4f32cda3f978911955117ff526df685cbaf9f50a06605 |
|
mod_http2-debugsource-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 3eedc82338bfe673620b3a5fd03aa898f10886019b22a4a403139da09504f4dc |
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| x86_64 |
|
mod_http2-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: 7b9da0a6138f1f7f2bf57f2daf7aaa2cb03dd2bc0e74870f65c32157073a99c7 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: 38d14dce59e8db935c4747c91cebf7256dd1bb4446140a945f2780d10000e5e4 |
|
mod_http2-debugsource-2.0.26-6.el9_8.x86_64.rpm
|
SHA-256: c17630c9826b86609c4cf7defec60f79312b0f4911e369f8f1edd4da0ec0807d |
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| aarch64 |
|
mod_http2-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: ea5866eb3812e4d18758d1615bc202199732795dc9e9be264a728ac171feae75 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: 4721626754777ba739c958c1f66e6231244c9ebf00bf0bb6213ca16f148437d6 |
|
mod_http2-debugsource-2.0.26-6.el9_8.aarch64.rpm
|
SHA-256: ed8eef56e59e2005da8985dbb649feb82f9aada7767dee3f514b8f905de4a920 |
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| ppc64le |
|
mod_http2-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 7f10fdda0b86a6a9f7b88fd134a973e64a1b546927280e7c77756b0f7e3d3e5b |
|
mod_http2-debuginfo-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 848361c504af68794bc60baccfbe5370200327cee01ad1f1ff325e082f0a16a8 |
|
mod_http2-debugsource-2.0.26-6.el9_8.ppc64le.rpm
|
SHA-256: 6da47f94e5cfda3ca3a1712f60afb676333970ad86df813915f24c766c4a4f61 |
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8
| SRPM |
|
mod_http2-2.0.26-6.el9_8.src.rpm
|
SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b |
| s390x |
|
mod_http2-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 53496d3598da207b1c49f2466a7bbe63a1e5c5b47e526e8fd9d4556953f9d4a8 |
|
mod_http2-debuginfo-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 4ee697f301f651353eb4f32cda3f978911955117ff526df685cbaf9f50a06605 |
|
mod_http2-debugsource-2.0.26-6.el9_8.s390x.rpm
|
SHA-256: 3eedc82338bfe673620b3a5fd03aa898f10886019b22a4a403139da09504f4dc |
