OESA-2025-2076

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2076
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-2076.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-2076
Upstream
Published
2025-08-29T11:16:50Z
Modified
2025-09-03T06:31:38.048521Z
Summary
mod_http2 security update
Details

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.

Security Fix(es):

A vulnerability classified as problematic has been found in Apache HTTP Server up to 2.4.63 (Web Server). CWE classifies the issue as CWE-617: the product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. This affects availability. Upgrading to version 2.4.64 eliminates this vulnerability upstream; on openEuler, the fix is delivered in the mod_http2 package versions listed as "Fixed" under "Affected packages" below. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-21017). (CVE-2025-49630)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP3 / mod_http2

Package

Name
mod_http2
Purl
pkg:rpm/openEuler/mod_http2&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 — Unknown introduced version / All previous versions are affected
Fixed
1.15.25-4.oe2203sp3

Ecosystem specific

{
    "noarch": [
        "mod_http2-help-1.15.25-4.oe2203sp3.noarch.rpm"
    ],
    "src": [
        "mod_http2-1.15.25-4.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "mod_http2-1.15.25-4.oe2203sp3.x86_64.rpm",
        "mod_http2-debuginfo-1.15.25-4.oe2203sp3.x86_64.rpm",
        "mod_http2-debugsource-1.15.25-4.oe2203sp3.x86_64.rpm"
    ],
    "aarch64": [
        "mod_http2-1.15.25-4.oe2203sp3.aarch64.rpm",
        "mod_http2-debuginfo-1.15.25-4.oe2203sp3.aarch64.rpm",
        "mod_http2-debugsource-1.15.25-4.oe2203sp3.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / mod_http2

Package

Name
mod_http2
Purl
pkg:rpm/openEuler/mod_http2&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 — Unknown introduced version / All previous versions are affected
Fixed
1.15.25-4.oe2203sp4

Ecosystem specific

{
    "noarch": [
        "mod_http2-help-1.15.25-4.oe2203sp4.noarch.rpm"
    ],
    "src": [
        "mod_http2-1.15.25-4.oe2203sp4.src.rpm"
    ],
    "x86_64": [
        "mod_http2-1.15.25-4.oe2203sp4.x86_64.rpm",
        "mod_http2-debuginfo-1.15.25-4.oe2203sp4.x86_64.rpm",
        "mod_http2-debugsource-1.15.25-4.oe2203sp4.x86_64.rpm"
    ],
    "aarch64": [
        "mod_http2-1.15.25-4.oe2203sp4.aarch64.rpm",
        "mod_http2-debuginfo-1.15.25-4.oe2203sp4.aarch64.rpm",
        "mod_http2-debugsource-1.15.25-4.oe2203sp4.aarch64.rpm"
    ]
}

openEuler:24.03-LTS / mod_http2

Package

Name
mod_http2
Purl
pkg:rpm/openEuler/mod_http2&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 — Unknown introduced version / All previous versions are affected
Fixed
2.0.25-4.oe2403sp2

Ecosystem specific

{
    "noarch": [
        "mod_http2-help-2.0.25-4.oe2403.noarch.rpm",
        "mod_http2-help-2.0.25-4.oe2403sp1.noarch.rpm",
        "mod_http2-help-2.0.25-4.oe2403sp2.noarch.rpm"
    ],
    "src": [
        "mod_http2-2.0.25-4.oe2403.src.rpm",
        "mod_http2-2.0.25-4.oe2403sp1.src.rpm",
        "mod_http2-2.0.25-4.oe2403sp2.src.rpm"
    ],
    "x86_64": [
        "mod_http2-2.0.25-4.oe2403.x86_64.rpm",
        "mod_http2-debuginfo-2.0.25-4.oe2403.x86_64.rpm",
        "mod_http2-debugsource-2.0.25-4.oe2403.x86_64.rpm",
        "mod_http2-2.0.25-4.oe2403sp1.x86_64.rpm",
        "mod_http2-debuginfo-2.0.25-4.oe2403sp1.x86_64.rpm",
        "mod_http2-debugsource-2.0.25-4.oe2403sp1.x86_64.rpm",
        "mod_http2-2.0.25-4.oe2403sp2.x86_64.rpm",
        "mod_http2-debuginfo-2.0.25-4.oe2403sp2.x86_64.rpm",
        "mod_http2-debugsource-2.0.25-4.oe2403sp2.x86_64.rpm"
    ],
    "aarch64": [
        "mod_http2-2.0.25-4.oe2403.aarch64.rpm",
        "mod_http2-debuginfo-2.0.25-4.oe2403.aarch64.rpm",
        "mod_http2-debugsource-2.0.25-4.oe2403.aarch64.rpm",
        "mod_http2-2.0.25-4.oe2403sp1.aarch64.rpm",
        "mod_http2-debuginfo-2.0.25-4.oe2403sp1.aarch64.rpm",
        "mod_http2-debugsource-2.0.25-4.oe2403sp1.aarch64.rpm",
        "mod_http2-2.0.25-4.oe2403sp2.aarch64.rpm",
        "mod_http2-debuginfo-2.0.25-4.oe2403sp2.aarch64.rpm",
        "mod_http2-debugsource-2.0.25-4.oe2403sp2.aarch64.rpm"
    ]
}

openEuler:24.03-LTS-SP1 / mod_http2

Package

Name
mod_http2
Purl
pkg:rpm/openEuler/mod_http2&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 — Unknown introduced version / All previous versions are affected
Fixed
2.0.25-4.oe2403sp1

Ecosystem specific

{
    "noarch": [
        "mod_http2-help-2.0.25-4.oe2403sp1.noarch.rpm"
    ],
    "src": [
        "mod_http2-2.0.25-4.oe2403sp1.src.rpm"
    ],
    "x86_64": [
        "mod_http2-2.0.25-4.oe2403sp1.x86_64.rpm",
        "mod_http2-debuginfo-2.0.25-4.oe2403sp1.x86_64.rpm",
        "mod_http2-debugsource-2.0.25-4.oe2403sp1.x86_64.rpm"
    ],
    "aarch64": [
        "mod_http2-2.0.25-4.oe2403sp1.aarch64.rpm",
        "mod_http2-debuginfo-2.0.25-4.oe2403sp1.aarch64.rpm",
        "mod_http2-debugsource-2.0.25-4.oe2403sp1.aarch64.rpm"
    ]
}

openEuler:24.03-LTS-SP2 / mod_http2

Package

Name
mod_http2
Purl
pkg:rpm/openEuler/mod_http2&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 — Unknown introduced version / All previous versions are affected
Fixed
2.0.25-4.oe2403sp2

Ecosystem specific

{
    "noarch": [
        "mod_http2-help-2.0.25-4.oe2403sp2.noarch.rpm"
    ],
    "src": [
        "mod_http2-2.0.25-4.oe2403sp2.src.rpm"
    ],
    "x86_64": [
        "mod_http2-2.0.25-4.oe2403sp2.x86_64.rpm",
        "mod_http2-debuginfo-2.0.25-4.oe2403sp2.x86_64.rpm",
        "mod_http2-debugsource-2.0.25-4.oe2403sp2.x86_64.rpm"
    ],
    "aarch64": [
        "mod_http2-2.0.25-4.oe2403sp2.aarch64.rpm",
        "mod_http2-debuginfo-2.0.25-4.oe2403sp2.aarch64.rpm",
        "mod_http2-debugsource-2.0.25-4.oe2403sp2.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / mod_http2

Package

Name
mod_http2
Purl
pkg:rpm/openEuler/mod_http2&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 — Unknown introduced version / All previous versions are affected
Fixed
1.15.13-3.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "mod_http2-help-1.15.13-3.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "mod_http2-1.15.13-3.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "mod_http2-1.15.13-3.oe2003sp4.x86_64.rpm",
        "mod_http2-debuginfo-1.15.13-3.oe2003sp4.x86_64.rpm",
        "mod_http2-debugsource-1.15.13-3.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "mod_http2-1.15.13-3.oe2003sp4.aarch64.rpm",
        "mod_http2-debuginfo-1.15.13-3.oe2003sp4.aarch64.rpm",
        "mod_http2-debugsource-1.15.13-3.oe2003sp4.aarch64.rpm"
    ]
}