- What: Security update for mod_http2 with HTTP/2 denial of service fix
- Impact: Systems using Red Hat Enterprise Linux 9 may be affected
Red Hat Product Errata RHSA-2026:22551 - Security Advisory Issued: 2026-06-02 Updated: 2026-06-02 RHSA-2026:22551 - Security Advisory Overview Updated Packages Synopsis Moderate: mod_http2 security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2379343 - CVE-2025-53020 mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVEs CVE-2025-53020 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b x86_64 mod_http2-2.0.26-6.el9_8.x86_64.rpm SHA-256: 7b9da0a6138f1f7f2bf57f2daf7aaa2cb03dd2bc0e74870f65c32157073a99c7 mod_http2-debuginfo-2.0.26-6.el9_8.x86_64.rpm SHA-256: 38d14dce59e8db935c4747c91cebf7256dd1bb4446140a945f2780d10000e5e4 mod_http2-debugsource-2.0.26-6.el9_8.x86_64.rpm SHA-256: c17630c9826b86609c4cf7defec60f79312b0f4911e369f8f1edd4da0ec0807d Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b x86_64 mod_http2-2.0.26-6.el9_8.x86_64.rpm SHA-256: 7b9da0a6138f1f7f2bf57f2daf7aaa2cb03dd2bc0e74870f65c32157073a99c7 mod_http2-debuginfo-2.0.26-6.el9_8.x86_64.rpm SHA-256: 38d14dce59e8db935c4747c91cebf7256dd1bb4446140a945f2780d10000e5e4 mod_http2-debugsource-2.0.26-6.el9_8.x86_64.rpm SHA-256: c17630c9826b86609c4cf7defec60f79312b0f4911e369f8f1edd4da0ec0807d Red Hat Enterprise Linux for IBM z Systems 9 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b s390x mod_http2-2.0.26-6.el9_8.s390x.rpm SHA-256: 53496d3598da207b1c49f2466a7bbe63a1e5c5b47e526e8fd9d4556953f9d4a8 mod_http2-debuginfo-2.0.26-6.el9_8.s390x.rpm SHA-256: 4ee697f301f651353eb4f32cda3f978911955117ff526df685cbaf9f50a06605 mod_http2-debugsource-2.0.26-6.el9_8.s390x.rpm SHA-256: 3eedc82338bfe673620b3a5fd03aa898f10886019b22a4a403139da09504f4dc Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b s390x mod_http2-2.0.26-6.el9_8.s390x.rpm SHA-256: 53496d3598da207b1c49f2466a7bbe63a1e5c5b47e526e8fd9d4556953f9d4a8 mod_http2-debuginfo-2.0.26-6.el9_8.s390x.rpm SHA-256: 4ee697f301f651353eb4f32cda3f978911955117ff526df685cbaf9f50a06605 mod_http2-debugsource-2.0.26-6.el9_8.s390x.rpm SHA-256: 3eedc82338bfe673620b3a5fd03aa898f10886019b22a4a403139da09504f4dc Red Hat Enterprise Linux for Power, little endian 9 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b ppc64le mod_http2-2.0.26-6.el9_8.ppc64le.rpm SHA-256: 7f10fdda0b86a6a9f7b88fd134a973e64a1b546927280e7c77756b0f7e3d3e5b mod_http2-debuginfo-2.0.26-6.el9_8.ppc64le.rpm SHA-256: 848361c504af68794bc60baccfbe5370200327cee01ad1f1ff325e082f0a16a8 mod_http2-debugsource-2.0.26-6.el9_8.ppc64le.rpm SHA-256: 6da47f94e5cfda3ca3a1712f60afb676333970ad86df813915f24c766c4a4f61 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b ppc64le mod_http2-2.0.26-6.el9_8.ppc64le.rpm SHA-256: 7f10fdda0b86a6a9f7b88fd134a973e64a1b546927280e7c77756b0f7e3d3e5b mod_http2-debuginfo-2.0.26-6.el9_8.ppc64le.rpm SHA-256: 848361c504af68794bc60baccfbe5370200327cee01ad1f1ff325e082f0a16a8 mod_http2-debugsource-2.0.26-6.el9_8.ppc64le.rpm SHA-256: 6da47f94e5cfda3ca3a1712f60afb676333970ad86df813915f24c766c4a4f61 Red Hat Enterprise Linux for ARM 64 9 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b aarch64 mod_http2-2.0.26-6.el9_8.aarch64.rpm SHA-256: ea5866eb3812e4d18758d1615bc202199732795dc9e9be264a728ac171feae75 mod_http2-debuginfo-2.0.26-6.el9_8.aarch64.rpm SHA-256: 4721626754777ba739c958c1f66e6231244c9ebf00bf0bb6213ca16f148437d6 mod_http2-debugsource-2.0.26-6.el9_8.aarch64.rpm SHA-256: ed8eef56e59e2005da8985dbb649feb82f9aada7767dee3f514b8f905de4a920 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b aarch64 mod_http2-2.0.26-6.el9_8.aarch64.rpm SHA-256: ea5866eb3812e4d18758d1615bc202199732795dc9e9be264a728ac171feae75 mod_http2-debuginfo-2.0.26-6.el9_8.aarch64.rpm SHA-256: 4721626754777ba739c958c1f66e6231244c9ebf00bf0bb6213ca16f148437d6 mod_http2-debugsource-2.0.26-6.el9_8.aarch64.rpm SHA-256: ed8eef56e59e2005da8985dbb649feb82f9aada7767dee3f514b8f905de4a920 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b ppc64le mod_http2-2.0.26-6.el9_8.ppc64le.rpm SHA-256: 7f10fdda0b86a6a9f7b88fd134a973e64a1b546927280e7c77756b0f7e3d3e5b mod_http2-debuginfo-2.0.26-6.el9_8.ppc64le.rpm SHA-256: 848361c504af68794bc60baccfbe5370200327cee01ad1f1ff325e082f0a16a8 mod_http2-debugsource-2.0.26-6.el9_8.ppc64le.rpm SHA-256: 6da47f94e5cfda3ca3a1712f60afb676333970ad86df813915f24c766c4a4f61 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b x86_64 mod_http2-2.0.26-6.el9_8.x86_64.rpm SHA-256: 7b9da0a6138f1f7f2bf57f2daf7aaa2cb03dd2bc0e74870f65c32157073a99c7 mod_http2-debuginfo-2.0.26-6.el9_8.x86_64.rpm SHA-256: 38d14dce59e8db935c4747c91cebf7256dd1bb4446140a945f2780d10000e5e4 mod_http2-debugsource-2.0.26-6.el9_8.x86_64.rpm SHA-256: c17630c9826b86609c4cf7defec60f79312b0f4911e369f8f1edd4da0ec0807d Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b aarch64 mod_http2-2.0.26-6.el9_8.aarch64.rpm SHA-256: ea5866eb3812e4d18758d1615bc202199732795dc9e9be264a728ac171feae75 mod_http2-debuginfo-2.0.26-6.el9_8.aarch64.rpm SHA-256: 4721626754777ba739c958c1f66e6231244c9ebf00bf0bb6213ca16f148437d6 mod_http2-debugsource-2.0.26-6.el9_8.aarch64.rpm SHA-256: ed8eef56e59e2005da8985dbb649feb82f9aada7767dee3f514b8f905de4a920 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b s390x mod_http2-2.0.26-6.el9_8.s390x.rpm SHA-256: 53496d3598da207b1c49f2466a7bbe63a1e5c5b47e526e8fd9d4556953f9d4a8 mod_http2-debuginfo-2.0.26-6.el9_8.s390x.rpm SHA-256: 4ee697f301f651353eb4f32cda3f978911955117ff526df685cbaf9f50a06605 mod_http2-debugsource-2.0.26-6.el9_8.s390x.rpm SHA-256: 3eedc82338bfe673620b3a5fd03aa898f10886019b22a4a403139da09504f4dc Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b x86_64 mod_http2-2.0.26-6.el9_8.x86_64.rpm SHA-256: 7b9da0a6138f1f7f2bf57f2daf7aaa2cb03dd2bc0e74870f65c32157073a99c7 mod_http2-debuginfo-2.0.26-6.el9_8.x86_64.rpm SHA-256: 38d14dce59e8db935c4747c91cebf7256dd1bb4446140a945f2780d10000e5e4 mod_http2-debugsource-2.0.26-6.el9_8.x86_64.rpm SHA-256: c17630c9826b86609c4cf7defec60f79312b0f4911e369f8f1edd4da0ec0807d Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 SRPM mod_http2-2.0.26-6.el9_8.src.rpm SHA-256: e1cd29c6589f941c0759a1ca3a728d4d7c9ba21f18af669ea07abd945930158b aarch64 mod_http2-2.0.26-6.el9_8.aarch64.rpm SHA-256: ea5866eb3812e4d18758d1615bc202199732795dc9e9be264a728ac171feae75 mod_http2-debuginfo-2.0.26-6.el9_8.aarch6