Resolves: RHEL-191279 - mod_http2: Apache HTTP Server: Out-of-bounds

Read in mod_headers and mod_mime (CVE-2026-43951)
This commit is contained in:
Luboš Uhliarik 2026-07-14 19:47:16 +02:00
parent aa463ee2f5
commit 9a0b7a21b4
2 changed files with 24 additions and 1 deletions

View File

@ -0,0 +1,16 @@
diff --git a/mod_http2/h2_from_h1.c b/mod_http2/h2_from_h1.c
index edb1d8e..d2c91aa 100644
--- a/mod_http2/h2_from_h1.c
+++ b/mod_http2/h2_from_h1.c
@@ -234,10 +234,10 @@ static h2_headers *create_response(h2_task *task, request_rec *r)
if (!apr_is_empty_array(r->content_languages)) {
unsigned int i;
char *token;
- char **languages = (char **)(r->content_languages->elts);
const char *field = apr_table_get(r->headers_out, "Content-Language");
while (field && (token = ap_get_list_item(r->pool, &field)) != NULL) {
+ char **languages = (char **)(r->content_languages->elts);
for (i = 0; i < r->content_languages->nelts; ++i) {
if (!apr_strnatcasecmp(token, languages[i]))
break;

View File

@ -3,7 +3,7 @@
Name: mod_http2
Version: 1.15.7
Release: 10%{?dist}.6
Release: 10%{?dist}.7
Summary: module implementing HTTP/2 for Apache 2
Group: System Environment/Daemons
License: ASL 2.0
@ -34,6 +34,8 @@ Patch13: mod_http2-1.15.7-CVE-2025-49630.patch
Patch14: mod_http2-1.15.7-CVE-2025-53020.patch
# https://redhat.atlassian.net/browse/RHEL-182418
Patch15: mod_http2-1.15.7-CVE-2026-49975.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2486415
Patch16: mod_http2-1.15.7-CVE-2026-43951.patch
BuildRequires: pkgconfig, httpd-devel >= 2.4.20, libnghttp2-devel >= 1.7.0, openssl-devel >= 1.0.2
Requires: httpd-mmn = %{_httpd_mmn}
@ -60,6 +62,7 @@ top of libnghttp2 for httpd 2.4 servers.
%patch13 -p1 -b .CVE-2025-49630
%patch14 -p1 -b .CVE-2025-53020
%patch15 -p1 -b .CVE-2026-49975
%patch16 -p1 -b .CVE-2026-43951
%build
%configure
@ -86,6 +89,10 @@ make check
%{_httpd_moddir}/mod_proxy_http2.so
%changelog
* Tue Jul 14 2026 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-10.7
- Resolves: RHEL-191279 - mod_http2: Apache HTTP Server: Out-of-bounds
Read in mod_headers and mod_mime (CVE-2026-43951)
* Fri Jun 05 2026 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-10.6
- Resolves: RHEL-182418 - mod_http2: HTTP/2: Remote Denial of Service via
compression bomb and Slowloris-style attack (CVE-2026-49975)