[El-errata] ELSA-2026-3208 Moderate: Oracle Linux 10 389-ds-base security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Feb 25 05:20:26 UTC 2026 

Oracle Linux Security Advisory ELSA-2026-3208

http://linux.oracle.com/errata/ELSA-2026-3208.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
389-ds-base-3.1.3-7.el10_1.x86_64.rpm
389-ds-base-bdb-3.1.3-7.el10_1.x86_64.rpm
389-ds-base-devel-3.1.3-7.el10_1.x86_64.rpm
389-ds-base-libs-3.1.3-7.el10_1.x86_64.rpm
389-ds-base-snmp-3.1.3-7.el10_1.x86_64.rpm
python3-lib389-3.1.3-7.el10_1.noarch.rpm

aarch64:
389-ds-base-3.1.3-7.el10_1.aarch64.rpm
389-ds-base-bdb-3.1.3-7.el10_1.aarch64.rpm
389-ds-base-devel-3.1.3-7.el10_1.aarch64.rpm
389-ds-base-libs-3.1.3-7.el10_1.aarch64.rpm
389-ds-base-snmp-3.1.3-7.el10_1.aarch64.rpm
python3-lib389-3.1.3-7.el10_1.noarch.rpm


SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/389-ds-base-3.1.3-7.el10_1.src.rpm

Related CVEs:

CVE-2025-14905




Description of changes:

[3.1.3-7]
- Bump version to 3.1.3-7
- Resolves: RHEL-117764 - Replication online reinitialization of a large
  database gets stalled. [rhel-10.1.z]
- Resolves: RHEL-123274 - LDAP high CPU usage while handling indexes with
  IDL scan limit at INT_MAX [rhel-10.1.z]
- Resolves: RHEL-123281 - The new ipahealthcheck test
  ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue
  [rhel-10.1.z]
- Resolves: RHEL-123370 - IPA health check up script shows time skew is
  over 24 hours [rhel-10.1.z]
- Resolves: RHEL-129560 - Online initialization of consumers fails with
  error -23 [rhel-10.1.z]
- Resolves: RHEL-137071 - CVE-2025-14905 389-ds-base: Remote Code Execution
  and Denial of Service via heap buffer overflow [rhel-10.1.z]
- Resolves: RHEL-138484 - Memory leak observed in ns-slapd with 389-ds-
  base-2.6.1-12 [rhel-10.1.z]
- Resolves: RHEL-140091 - Upgrading IDM to latest version: 389-ds-base and
  ipa-server breaks replication  [rhel-10.1.z]
- Resolves: RHEL-142981 - Scalability issue of replication online
  initialization with large database [rhel-10.1.z]
- Resolves: RHEL-146896 - memory corruption in alias entry plugin
  [rhel-10.1.z]
- Resolves: RHEL-147213 - Access logs are not getting deleted as
  configured. [rhel-10.1.z]
- Resolves: RHEL-150908 - Remove memberof_del_dn_from_groups from MemberOf
  plugin [rhel-10.1.z]

[3.1.3-6]
- Resolves: RHEL-117764 - Replication online reinitialization of a large
  database gets stalled. [rhel-10.1.z]
- Resolves: RHEL-117773 - When the server restarts after a crash, the RFE
  assumes memberof should be recomputed. It triggers a memberof fixup task,
  dirsrv became unresponsive. [rhel-10.1.z]
- Resolves: RHEL-123233 - Improve the way to detect asynchronous operations
  in the access logs [rhel-10.1.z]
- Resolves: RHEL-123246 - Attribute uniqueness is not enforced upon modrdn
  operation [rhel-10.1.z]
- Resolves: RHEL-123260 - Typo in errors log after a Memberof fixup task.
  [rhel-10.1.z]
- Resolves: RHEL-123274 - LDAP high CPU usage while handling indexes with
  IDL scan limit at INT_MAX [rhel-10.1.z]
- Resolves: RHEL-123281 - The new ipahealthcheck test
  ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue
  [rhel-10.1.z]
- Resolves: RHEL-123370 - IPA health check up script shows time skew is
  over 24 hours [rhel-10.1.z]
- Resolves: RHEL-123768 - 389-ds-base OpenScanHub Leaks Detected
  [rhel-10.1.z]
- Resolves: RHEL-123854 - Units for changing MDB max size are not
  consistent across different tools [rhel-10.1.z]
- Resolves: RHEL-123895 - Improve output dsctl dbverify when backend does
  not exist [rhel-10.1.z]
- Resolves: RHEL-123898 - [WebUI] Replication tab crashes after enabling
  replication as a consumer [rhel-10.1.z]
- Resolves: RHEL-126554 - RHDS 12.6 doesn't handle 'ldapsearch' filter with
  space char in DN name correctly [rhel-10.1.z]
- Resolves: RHEL-129560 - Online initialization of consumers fails with
  error -23 [rhel-10.1.z]
- Resolves: RHEL-129581 - Fix paged result search locking [rhel-10.1.z]
- Resolves: RHEL-138484 - Memory leak observed in ns-slapd with 389-ds-
  base-2.6.1-12 [rhel-10.1.z]
- Resolves: RHEL-138487 - RetroCL plugin generates invalid LDIF
  [rhel-10.1.z]
- Resolves: RHEL-140091 - Upgrading IDM  to latest version: 389-ds-base and
  ipa-server breaks replication  [rhel-10.1.z]
- Resolves: RHEL-140277 - ipa-healthcheck is complaining about missing or
  incorrectly configured system indexes. [rhel-10.1.z]

More information about the El-errata mailing list