ELSA-2026-22528 - mod_http2 security update
| Type: | SECURITY |
| Impact: | MODERATE |
| Release Date: | 2026-07-17 |
Description
[2.0.29-4.2]
- Resolves: RHEL-188008 - address CVE-2026-43951, CVE-2026-48913
[2.0.29-4.1]
- Resolves: RHEL-182410 - mod_http2: HTTP/2: Remote Denial of Service via
compression bomb and Slowloris-style attack (CVE-2026-49975)
[2.0.29-4]
- Resolves: RHEL-166269 - httpd: Apache HTTP Server: HTTP/2 DoS by Memory
Increase (CVE-2025-53020)
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle Linux 10 (aarch64) | mod_http2-2.0.29-4.el10_2.2.src.rpm | 4881757ee4e6cab66368e0321573321f01291506d0c5239a8195f4b2059c2249 | - | ol10_aarch64_appstream |
| mod_http2-2.0.29-4.el10_2.2.aarch64.rpm | 10737c9fadd90166a4ac0831baad975d4ea480062ce6b0524b217d3b136806e3 | - | ol10_aarch64_appstream |
|
| Oracle Linux 10 (x86_64) | mod_http2-2.0.29-4.el10_2.2.src.rpm | 4881757ee4e6cab66368e0321573321f01291506d0c5239a8195f4b2059c2249 | - | ol10_x86_64_appstream |
| mod_http2-2.0.29-4.el10_2.2.x86_64.rpm | 184871cdc3257f9a5792b4f2e27a7ee793ca06f19d41e3fb19e9c5f4992a2d0f | - | ol10_x86_64_appstream |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team