An update for mod_http2 is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2076 Final 1.0 1.0 2025-08-29 Initial 2025-08-29 2025-08-29 openEuler SA Tool V1.0 2025-08-29 mod_http2 security update An update for mod_http2 is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4 The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): A vulnerability classified as problematic has been found in Apache HTTP Server up to 2.4.63 (Web Server).CWE is classifying the issue as CWE-617. The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.This is going to have an impact on availability.Upgrading to version 2.4.64 eliminates this vulnerability.The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-21017).(CVE-2025-49630) An update for mod_http2 is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High mod_http2 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2076 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-49630 https://nvd.nist.gov/vuln/detail/CVE-2025-49630 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 mod_http2-1.15.25-4.oe2203sp3.aarch64.rpm mod_http2-debuginfo-1.15.25-4.oe2203sp3.aarch64.rpm mod_http2-debugsource-1.15.25-4.oe2203sp3.aarch64.rpm mod_http2-1.15.25-4.oe2203sp4.aarch64.rpm mod_http2-debuginfo-1.15.25-4.oe2203sp4.aarch64.rpm mod_http2-debugsource-1.15.25-4.oe2203sp4.aarch64.rpm mod_http2-2.0.25-4.oe2403.aarch64.rpm mod_http2-debuginfo-2.0.25-4.oe2403.aarch64.rpm mod_http2-debugsource-2.0.25-4.oe2403.aarch64.rpm mod_http2-2.0.25-4.oe2403sp1.aarch64.rpm mod_http2-debuginfo-2.0.25-4.oe2403sp1.aarch64.rpm mod_http2-debugsource-2.0.25-4.oe2403sp1.aarch64.rpm mod_http2-2.0.25-4.oe2403sp2.aarch64.rpm mod_http2-debuginfo-2.0.25-4.oe2403sp2.aarch64.rpm mod_http2-debugsource-2.0.25-4.oe2403sp2.aarch64.rpm mod_http2-1.15.13-3.oe2003sp4.aarch64.rpm mod_http2-debuginfo-1.15.13-3.oe2003sp4.aarch64.rpm mod_http2-debugsource-1.15.13-3.oe2003sp4.aarch64.rpm mod_http2-1.15.25-4.oe2203sp3.src.rpm mod_http2-1.15.25-4.oe2203sp4.src.rpm mod_http2-2.0.25-4.oe2403.src.rpm mod_http2-2.0.25-4.oe2403sp1.src.rpm mod_http2-2.0.25-4.oe2403sp2.src.rpm mod_http2-1.15.13-3.oe2003sp4.src.rpm mod_http2-1.15.25-4.oe2203sp3.x86_64.rpm mod_http2-debuginfo-1.15.25-4.oe2203sp3.x86_64.rpm mod_http2-debugsource-1.15.25-4.oe2203sp3.x86_64.rpm mod_http2-1.15.25-4.oe2203sp4.x86_64.rpm mod_http2-debuginfo-1.15.25-4.oe2203sp4.x86_64.rpm mod_http2-debugsource-1.15.25-4.oe2203sp4.x86_64.rpm mod_http2-2.0.25-4.oe2403.x86_64.rpm mod_http2-debuginfo-2.0.25-4.oe2403.x86_64.rpm mod_http2-debugsource-2.0.25-4.oe2403.x86_64.rpm mod_http2-2.0.25-4.oe2403sp1.x86_64.rpm mod_http2-debuginfo-2.0.25-4.oe2403sp1.x86_64.rpm mod_http2-debugsource-2.0.25-4.oe2403sp1.x86_64.rpm mod_http2-2.0.25-4.oe2403sp2.x86_64.rpm mod_http2-debuginfo-2.0.25-4.oe2403sp2.x86_64.rpm mod_http2-debugsource-2.0.25-4.oe2403sp2.x86_64.rpm mod_http2-1.15.13-3.oe2003sp4.x86_64.rpm mod_http2-debuginfo-1.15.13-3.oe2003sp4.x86_64.rpm mod_http2-debugsource-1.15.13-3.oe2003sp4.x86_64.rpm mod_http2-help-1.15.25-4.oe2203sp3.noarch.rpm mod_http2-help-1.15.25-4.oe2203sp4.noarch.rpm mod_http2-help-2.0.25-4.oe2403.noarch.rpm mod_http2-help-2.0.25-4.oe2403sp1.noarch.rpm mod_http2-help-2.0.25-4.oe2403sp2.noarch.rpm mod_http2-help-1.15.13-3.oe2003sp4.noarch.rpm A vulnerability classified as problematic has been found in Apache HTTP Server up to 2.4.63 (Web Server).CWE is classifying the issue as CWE-617. The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.This is going to have an impact on availability.Upgrading to version 2.4.64 eliminates this vulnerability.The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-21017). 2025-08-29 CVE-2025-49630 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H mod_http2 security update 2025-08-29 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2076