[El-errata] ELSA-2026-26459 Important: Oracle Linux 8 389-ds:1.4 security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jun 23 04:33:18 UTC 2026


Oracle Linux Security Advisory ELSA-2026-26459

http://linux.oracle.com/errata/ELSA-2026-26459.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
389-ds-base-1.4.3.39-24.module+el8.10.0+90914+745232ac.x86_64.rpm
389-ds-base-devel-1.4.3.39-24.module+el8.10.0+90914+745232ac.x86_64.rpm
389-ds-base-legacy-tools-1.4.3.39-24.module+el8.10.0+90914+745232ac.x86_64.rpm
389-ds-base-libs-1.4.3.39-24.module+el8.10.0+90914+745232ac.x86_64.rpm
389-ds-base-snmp-1.4.3.39-24.module+el8.10.0+90914+745232ac.x86_64.rpm
python3-lib389-1.4.3.39-24.module+el8.10.0+90914+745232ac.noarch.rpm

aarch64:
389-ds-base-1.4.3.39-24.module+el8.10.0+90914+745232ac.aarch64.rpm
389-ds-base-devel-1.4.3.39-24.module+el8.10.0+90914+745232ac.aarch64.rpm
389-ds-base-legacy-tools-1.4.3.39-24.module+el8.10.0+90914+745232ac.aarch64.rpm
389-ds-base-libs-1.4.3.39-24.module+el8.10.0+90914+745232ac.aarch64.rpm
389-ds-base-snmp-1.4.3.39-24.module+el8.10.0+90914+745232ac.aarch64.rpm
python3-lib389-1.4.3.39-24.module+el8.10.0+90914+745232ac.noarch.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/389-ds-base-1.4.3.39-24.module+el8.10.0+90914+745232ac.src.rpm

Related CVEs:

CVE-2026-9064




Description of changes:

[1.4.3.39-24]
- Bump version to 1.4.3.39-24
- Resolves: RHEL-170278 - Memory leaks in syncrepl plugin during persistent search operations [rhel-8.10.z]
- Resolves: RHEL-163375 - WARN - keys2idl - received NULL idl from index_read_ext_allids
- Resolves: RHEL-159306 - ns-slapd crash in libdb possible memory corruption [rhel-8.10.z]
- Resolves: RHEL-170284 - access log - suspicious wtime optime negative and large values in internal op [rhel-8.10.z]
- Resolves: RHEL-170507 - ns-slapd fails to shutdown when deferred memberof update is in progress [rhel-8.10.z]
- Resolves: RHEL-170509 - Crash in trim_changelog() during the Retro Changelog trimming [rhel-8.10.z]
- Resolves: RHEL-170514 - Possible memory leak when using the Retro Changelog plugin [rhel-8.10.z]
- Resolves: RHEL-170512 - Crash in replica_config_add when manually configuring a replica with an incorrect nsds5ReplicaRoot [rhel-8.10.z]
- Resolves: RHEL-174523 - [RFE] Add OS-level thread names to all server threads [rhel-8.10.z]
- Resolves: RHEL-170483 - test_vlv_recreation_reindex fails on LMDB [rhel-8.10.z]
- Resolves: RHEL-178076 - CVE-2026-9064 389-ds:1.4/389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS) [rhel-8.10.z]

[1.4.3.39-23]
- Resolves: RHEL-137074 - CVE-2025-14905 389-ds:1.4/389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow [rhel-8.10.z]
- Resolves: RHEL-152098 - Scalability issue of replication online initialization with large database [rhel-8.10.z]

[1.4.3.39-22]
- Resolves: RHEL-148485 - Upgrading IDM to latest version: 389-ds-base and ipa-server breaks replication [rhel-8.10.z]

[1.4.3.39-21]
- Resolves: RHEL-141419 - (&(cn:dn:=groups)) no longer returns results [rhel-8.10.z]
- Resolves: RHEL-140272 - ipa-healthcheck is complaining about missing or
                          incorrectly configured system indexes. [rhel-8.10.z]

[1.4.3.39-20]
- Resolves: RHEL-140086 - Upgrading IDM to latest version: 389-ds-base and ipa-server breaks replication [rhel-8.10.z]

[1.4.3.39-19]
- Resolves: RHEL-117759 - Replication online reinitialization of a large database gets stalled. [rhel-8.10.z]

[1.4.3.39-18]
- Reverts: RHEL-123241 - Attribute uniqueness is not enforced upon modrdn operation [rhel-8.10.z]

[1.4.3.39-17]
- Resolves: RHEL-80491 - Can't rename users member of automember rule [rhel-8.10.z]
- Resolves: RHEL-87191 - Some replication status data are reset upon a restart. [rhel-8.10.z]
- Resolves: RHEL-89785 - Extend log of operations statistics in access log
- Resolves: RHEL-111226 - Error showing local password policy on web UI [rhel-8.10.z]
- Resolves: RHEL-113976 - AddressSanitizer: memory leak in memberof_add_memberof_attr [rhel-8.10.z]
- Resolves: RHEL-117457 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups
- Resolves: RHEL-117752 - Crash if repl keep alive entry can not be created [rhel-8.10.z]
- Resolves: RHEL-117759 - Replication online reinitialization of a large database gets stalled. [rhel-8.10.z]
- Resolves: RHEL-117765 - Statistics about index lookup report a wrong duration [rhel-8.10.z]
- Resolves: RHEL-123228 - Improve the way to detect asynchronous operations in the access logs [rhel-8.10.z]
- Resolves: RHEL-123241 - Attribute uniqueness is not enforced upon modrdn operation [rhel-8.10.z]
- Resolves: RHEL-123254 - Typo in errors log after a Memberof fixup task. [rhel-8.10.z]
- Resolves: RHEL-123269 - LDAP high CPU usage while handling indexes with IDL scan limit at INT_MAX [rhel-8.10.z]
- Resolves: RHEL-123276 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue [rhel-8.10.z]
- Resolves: RHEL-123363 - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default [rhel-8.10.z]
- Resolves: RHEL-123365 - IPA health check up script shows time skew is over 24 hours [rhel-8.10.z]
- Resolves: RHEL-123920 - Changelog trimming - add number of scanned entries to the log [rhel-8.10.z]
- Resolves: RHEL-126512 - Created user password hash available to see in audit log [rhel-8.10.z]
- Resolves: RHEL-129578 - Fix paged result search locking [rhel-8.10.z]
- Resolves: RHEL-130900 - On RHDS 12.6 The user password policy for a user was created, but the pwdpolicysubentry attribute for this user incorrectly points to the People OU password policy instead of the specific user policy. [rhel-8.10.z]

[1.4.3.39-15]
- Resolves: RHEL-109028 - Allow Uniqueness plugin to search uniqueness attributes using custom matching rules [rhel-8.10.z]

[1.4.3.39-14]
- Reverts: RHEL-80704 - Increased memory consumption caused by NDN cache [rhel-8.10.z]
- Resolves: RHEL-95442 - ns-slapd[xxxx]: segfault at 10d7d0d0 ip 00007ff734050cdb sp 00007ff6de9f1430 error 6 in libslapd.so.0.1.0[7ff733ec0000+1b3000] [rhel-8.10.z]




More information about the El-errata mailing list