Red Hat Product Errata RHSA-2026:25090 - Security Advisory Issued: 2026-06-10 Updated: 2026-06-10 RHSA-2026:25090 - Security Advisory Overview Updated Packages Synopsis Important: httpd:2.4 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2485371 - CVE-2026-49975 httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVEs CVE-2026-49975 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM httpd-2.4.37-65.module+el8.10.0+24281+ea10630c.8.src.rpm SHA-256: 9271f0e115987091877ffefc03b0631429a62bfe8d17ad7082636bc8cc72284f mod_http2-1.15.7-10.module+el8.10.0+24368+ad388a0c.6.src.rpm SHA-256: ace81cbed4983b9ec72d9abd9bedd596be1af39277f171e8f0bfbceb0a129b1e mod_md-2.0.8-8.module+el8.10.0+23815+1b5e1c66.2.src.rpm SHA-256: 79fc3c0d9aaf015a3e1b7afd26e475420f685b3aed9827368b6094b3dcaf80e0 x86_64 httpd-filesystem-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: ac838acab97284476356a852e0a45bdaba43461f0dc976c7947457d53d927a9c httpd-manual-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: 11454991fefbb413432531cfbbb9bb904d3c4ee50ed7f78c96d9ae14cd29cd80 httpd-filesystem-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: ac838acab97284476356a852e0a45bdaba43461f0dc976c7947457d53d927a9c httpd-manual-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: 11454991fefbb413432531cfbbb9bb904d3c4ee50ed7f78c96d9ae14cd29cd80 httpd-filesystem-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: ac838acab97284476356a852e0a45bdaba43461f0dc976c7947457d53d927a9c httpd-manual-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: 11454991fefbb413432531cfbbb9bb904d3c4ee50ed7f78c96d9ae14cd29cd80 httpd-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: 1f8796f5739c9b76116d9b90e9215e4a91701e5412d30d72f3a1e745ee3762eb httpd-debuginfo-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: f3c9723be2b3c932286236477a1ce4206986eff0e5c81d5ed95191be0fcecf41 httpd-debugsource-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: 3b4c00d19b6296a310a533e995b2e403c57bcd1c7f9812a02dc1db3da8ae76b5 httpd-devel-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: 47422a251e3112f3940104936f9bd9de5d7be6f32031782bcbdceb7a05ea608f httpd-filesystem-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: ac838acab97284476356a852e0a45bdaba43461f0dc976c7947457d53d927a9c httpd-manual-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: 11454991fefbb413432531cfbbb9bb904d3c4ee50ed7f78c96d9ae14cd29cd80 httpd-tools-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: 4c8a4b7ef537d29d62cd4f55428db515ff6ceab9cbd9d9bfc76f149e3918c890 httpd-tools-debuginfo-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: b6ce9586321d1ec927642c716a1ef0e83500761b666a75a417318142bd9ccf7b mod_http2-1.15.7-10.module+el8.10.0+24368+ad388a0c.6.x86_64.rpm SHA-256: bdbbad4ef6d24e949fbadc4fe8d05956b5f7bba770716eb4d3a3e89680cb928d mod_http2-debuginfo-1.15.7-10.module+el8.10.0+24368+ad388a0c.6.x86_64.rpm SHA-256: bdaa45a56c316678248aa98729b011b65078fae40aa1b011452ab381a43bb6dd mod_http2-debugsource-1.15.7-10.module+el8.10.0+24368+ad388a0c.6.x86_64.rpm SHA-256: 901927d4c74bd889f8c4b82cf89cf37c383547148f2eb463ee83b034e8614348 mod_ldap-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: 5c3e8688123fdafbff80171268ec0394a4f6dff5dec28db04f35e09a43c7b9d0 mod_ldap-debuginfo-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: 9924716c4386c1b3f1cf9d0e02a1dddda70c7449be3fe7a90414d7b9a3cf5676 mod_md-2.0.8-8.module+el8.10.0+23815+1b5e1c66.2.x86_64.rpm SHA-256: ff96565db59c708b0bb84d600b8ee01eec951e0320937e15782f38a4fb853749 mod_md-debuginfo-2.0.8-8.module+el8.10.0+23815+1b5e1c66.2.x86_64.rpm SHA-256: a5875ad00ed2b1e796cd0dc4292b05ebe73dbcb71b33f85a35c407b7d3db20a4 mod_md-debugsource-2.0.8-8.module+el8.10.0+23815+1b5e1c66.2.x86_64.rpm SHA-256: 5c9bd8863303a23ddc952fdd285c3d4cc5cdce4ddf334e3ede03456a00615c1b mod_proxy_html-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: babc337c0ee2a168c19d7fb5ac4762b0151626f2baee67a148e0ad3a824321f9 mod_proxy_html-debuginfo-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: 73d498fee6e8e35ab688114a9b577ad64bc50fc67c2f5e72159ceae3ce6eb2ac mod_session-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: f1acff0b62fd9cec7e8780a92338fa8872b8bf3cba1e50f25ef3baa7676fdb70 mod_session-debuginfo-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: a4127333940a7d5d93f2e16cb367b31f95d2d273384db6fcc6088978974e0e22 mod_ssl-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: fac2f6f395310a6351d8394a05fb71b2a66addaffbf546bb74820245165cdde3 mod_ssl-debuginfo-2.4.37-65.module+el8.10.0+24281+ea10630c.8.x86_64.rpm SHA-256: 82901d6bf02ebdf884a97bfd35e0486aa15909d86db2cd1d7636178088392ffb Red Hat Enterprise Linux for IBM z Systems 8 SRPM httpd-2.4.37-65.module+el8.10.0+24281+ea10630c.8.src.rpm SHA-256: 9271f0e115987091877ffefc03b0631429a62bfe8d17ad7082636bc8cc72284f mod_http2-1.15.7-10.module+el8.10.0+24368+ad388a0c.6.src.rpm SHA-256: ace81cbed4983b9ec72d9abd9bedd596be1af39277f171e8f0bfbceb0a129b1e mod_md-2.0.8-8.module+el8.10.0+23815+1b5e1c66.2.src.rpm SHA-256: 79fc3c0d9aaf015a3e1b7afd26e475420f685b3aed9827368b6094b3dcaf80e0 s390x httpd-filesystem-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: ac838acab97284476356a852e0a45bdaba43461f0dc976c7947457d53d927a9c httpd-manual-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: 11454991fefbb413432531cfbbb9bb904d3c4ee50ed7f78c96d9ae14cd29cd80 httpd-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: e7f92544adb0ba8c5ee359108aa177f1a511748d8e96d3bd78f557fa1b38057e httpd-debuginfo-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: e54f9ad31c0cf8d2d45047100b3cf00db268fe5e7b2fd7aad227cf4e3919fb6f httpd-debugsource-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: 1b309244c1846ed348bf7eb127ffb90ccea3bc8d1d3a3b8ef9a91718d63f9d17 httpd-devel-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: 6b494efc7951b36aad62b2159ab285f83d1b970ca186854c45011e4bf7b23549 httpd-filesystem-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: ac838acab97284476356a852e0a45bdaba43461f0dc976c7947457d53d927a9c httpd-manual-2.4.37-65.module+el8.10.0+24281+ea10630c.8.noarch.rpm SHA-256: 11454991fefbb413432531cfbbb9bb904d3c4ee50ed7f78c96d9ae14cd29cd80 httpd-tools-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: dbff91f5442e2ad0a9cf813d092c0d033b12c29db92a90311fa9c887e0463439 httpd-tools-debuginfo-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: 0d6f23c41131c6bb460368781e3f6f0f2e04ea2c0cbbb7c6ee2fcf3ce86ffeed mod_http2-1.15.7-10.module+el8.10.0+24368+ad388a0c.6.s390x.rpm SHA-256: 0bcd099d0224c7d700386fb4aa8a23f5df2ba98508ee44e7783e801386708040 mod_http2-debuginfo-1.15.7-10.module+el8.10.0+24368+ad388a0c.6.s390x.rpm SHA-256: 05294360eb334889583e7b8bc8ca3848ebfba1f0b660bd875308a20bbd472226 mod_http2-debugsource-1.15.7-10.module+el8.10.0+24368+ad388a0c.6.s390x.rpm SHA-256: f23cde29ea102f81780e46dad87b1df7739fa0db357ff3c3e819c00fc32f7055 mod_ldap-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: c07d1065a310fc2fc7dc95d1b15ae04df814c28b3664d60c8f878767cfd48367 mod_ldap-debuginfo-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: 84a83052386f7d73ed90127a24c991ffc4f485ca95dad6f1618c079e6933e00f mod_md-2.0.8-8.module+el8.10.0+23815+1b5e1c66.2.s390x.rpm SHA-256: 224b7dad70c5755b1ef890c322cf22c4158a41133d0ab37e06a1d752abd21911 mod_md-debuginfo-2.0.8-8.module+el8.10.0+23815+1b5e1c66.2.s390x.rpm SHA-256: 85e5441b14b33ce053a21c22adf191f133a13b63036c3cc69077f7b87fd9c20b mod_md-debugsource-2.0.8-8.module+el8.10.0+23815+1b5e1c66.2.s390x.rpm SHA-256: f74e2a9f14ae78dfdd9a8cc0123b94236a12fe14efea938773bdb92a1207acf8 mod_proxy_html-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: 639f31f26d50710479f3057d8f271572c9e6f2f9d0ff0d4cd03dbe1a19021cee mod_proxy_html-debuginfo-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: c72eb97de46b834cb8be9f647945786c650653075fc737086fba623d04ae11bd mod_session-2.4.37-65.module+el8.10.0+24281+ea10630c.8.s390x.rpm SHA-256: 941274eb84a32e01527aaf