mod_http2-2.0.26-2.el9_4.1

エラータID: AXSA:2024-8954:04

Release date: 
Tuesday, November 5, 2024 - 11:13
Subject: 
mod_http2-2.0.26-2.el9_4.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Low
Description: 

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.

Security Fix(es):

* mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-36387
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. mod_http2-2.0.26-2.el9_4.1.src.rpm
    MD5: 6cb5ff5dffca12326b1c4e7a6964f960
    SHA-256: f839bef3e8892d8128c126c73e89f3ecb244b374c9ec9c093a48b391cc920a57
    Size: 1.01 MB

Asianux Server 9 for x86_64
  1. mod_http2-2.0.26-2.el9_4.1.x86_64.rpm
    MD5: e9aef9c510bb7fa01908006f3a430116
    SHA-256: c55b2ea4caa5cd1d41377676e39fc3aee56a35cbf3dab9b3f1d8367b514c02ab
    Size: 162.47 kB