mod_http2-2.0.26-4.el9_6.1

エラータID: AXSA:2025-10820:02

Release date: 
Wednesday, September 3, 2025 - 16:29
Subject: 
mod_http2-2.0.26-4.el9_6.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.

Security Fix(es):

* httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-49630
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".

Solution: 

Update packages.

CVEs: 
CVE-2025-49630
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".
Additional Info: 

N/A

Download: 

SRPMS
  1. mod_http2-2.0.26-4.el9_6.1.src.rpm
    MD5: 2469f3fbe54c4a6536798d31bb9fa99d
    SHA-256: 364b4165210462446fa350c121be60c0ff585046d3a009748911669f8a0e0f54
    Size: 1.01 MB

Asianux Server 9 for x86_64
  1. mod_http2-2.0.26-4.el9_6.1.x86_64.rpm
    MD5: 7f1acd32d8712042c9dda4e34a473eed
    SHA-256: f30fe9abc405a0ce19bcc6b58e06b6864fcc3d6c3b2d50ce23e3079e34ac53d2
    Size: 162.78 kB