Name: | mod_http2 |
---|---|
Version: | 1.15.7 |
Release: | 8.module+el8.8.0+21057+13668aee.3 |
Architecture: | x86_64 |
Module: | httpd:2.4:8080020230428145624:63b34585 httpd:2.4:8080020230911162843:63b34585 |
Group: | System Environment/Daemons |
Size: | 403198 |
License: | ASL 2.0 |
RPM: | mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.x86_64.rpm |
Source RPM: | mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.src.rpm |
Build Date: | Mon May 22 2023 |
Build Host: | build-ol8-x86_64.oracle.com |
Vendor: | Oracle America |
URL: | https://icing.github.io/mod_h2/ |
Summary: | module implementing HTTP/2 for Apache 2 |
Description: | The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. |
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken
- Backport SNI feature refactor - Resolves: rhbz#2137257
- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations
- Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd: mod_http2 concurrent pool usage
- Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header
- new version 1.15.7 - Resolves: #1814236 - RFE: mod_http2 rebase - Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd: read-after-free in h2 connection shutdown - Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd: mod_http2: possible crash on late upgrade - Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd: mod_http2: read-after-free on a string compare - Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd: mod_http2: DoS via slow, unneeded request bodies
- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount of data request leads to denial of service - Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length headers leads to denial of service - Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for large response leads to denial of service
- update release (#1695587)