ELSA-2026-34355

ELSA-2026-34355 - mod_http2 security, bug fix, and enhancement update

Type:SECURITY
Impact:MODERATE
Release Date:2026-07-16

Description


[2.0.29-4.2]
- Resolves: RHEL-188008 - address CVE-2026-43951, CVE-2026-48913

[2.0.29-4.1]
- Resolves: RHEL-182410 - mod_http2: HTTP/2: Remote Denial of Service via
compression bomb and Slowloris-style attack (CVE-2026-49975)

[2.0.29-4]
- Resolves: RHEL-166269 - httpd: Apache HTTP Server: HTTP/2 DoS by Memory
Increase (CVE-2025-53020)


Related CVEs


CVE-2026-43951
CVE-2026-48913

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 10 (aarch64) mod_http2-2.0.29-4.el10_2.2.src.rpm4881757ee4e6cab66368e0321573321f01291506d0c5239a8195f4b2059c2249-ol10_aarch64_appstream
mod_http2-2.0.29-4.el10_2.2.aarch64.rpm10737c9fadd90166a4ac0831baad975d4ea480062ce6b0524b217d3b136806e3-ol10_aarch64_appstream
Oracle Linux 10 (x86_64) mod_http2-2.0.29-4.el10_2.2.src.rpm4881757ee4e6cab66368e0321573321f01291506d0c5239a8195f4b2059c2249-ol10_x86_64_appstream
mod_http2-2.0.29-4.el10_2.2.x86_64.rpm184871cdc3257f9a5792b4f2e27a7ee793ca06f19d41e3fb19e9c5f4992a2d0f-ol10_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete