ELSA-2026-25057 - mod_http2 security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2026-06-23 |
Description
[2.0.26-6.1]
- Resolves: RHEL-182417 - mod_http2: HTTP/2: Remote Denial of Service via
compression bomb and Slowloris-style attack (CVE-2026-49975)
[2.0.26-6]
- Resolves: RHEL-166293 - httpd: Apache HTTP Server: HTTP/2 DoS by Memory
Increase (CVE-2025-53020)
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle Linux 9 (aarch64) | mod_http2-2.0.26-6.el9_8.1.src.rpm | 440b9607dd7c652b106f8764cb801df66d60597c845523d53cd4de1780f3c6c1 | - | ol9_aarch64_appstream |
| mod_http2-2.0.26-6.el9_8.1.aarch64.rpm | d6a449145f46f87ea3dab082e39cd87d035dc86300e6f89d50018429c144d6f7 | - | ol9_aarch64_appstream |
|
| Oracle Linux 9 (x86_64) | mod_http2-2.0.26-6.el9_8.1.src.rpm | 440b9607dd7c652b106f8764cb801df66d60597c845523d53cd4de1780f3c6c1 | - | ol9_x86_64_appstream |
| mod_http2-2.0.26-6.el9_8.1.x86_64.rpm | 2a1dbcf02190f82c72cf9f44c4fe369a2e133edd76ef83cdd7dde0a4e3791e3f | - | ol9_x86_64_appstream |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
