[El-errata] ELSA-2026-5513 Moderate: Oracle Linux 8 389-ds:1.4 security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Mar 25 05:52:12 UTC 2026 

Oracle Linux Security Advisory ELSA-2026-5513

http://linux.oracle.com/errata/ELSA-2026-5513.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
389-ds-base-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.x86_64.rpm
389-ds-base-devel-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.x86_64.rpm
389-ds-base-legacy-tools-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.x86_64.rpm
389-ds-base-libs-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.x86_64.rpm
389-ds-base-snmp-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.x86_64.rpm
python3-lib389-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.noarch.rpm

aarch64:
389-ds-base-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.aarch64.rpm
389-ds-base-devel-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.aarch64.rpm
389-ds-base-legacy-tools-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.aarch64.rpm
389-ds-base-libs-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.aarch64.rpm
389-ds-base-snmp-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.aarch64.rpm
python3-lib389-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.noarch.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/389-ds-base-1.4.3.39-23.module+el8.10.0+90848+e0e1b1b6.src.rpm

Related CVEs:

CVE-2025-14905




Description of changes:

[1.4.3.39-23]
- Resolves: RHEL-137074 - CVE-2025-14905 389-ds:1.4/389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow [rhel-8.10.z]
- Resolves: RHEL-152098 - Scalability issue of replication online initialization with large database [rhel-8.10.z]

[1.4.3.39-22]
- Resolves: RHEL-148485 - Upgrading IDM to latest version: 389-ds-base and ipa-server breaks replication [rhel-8.10.z]

[1.4.3.39-21]
- Resolves: RHEL-141419 - (&(cn:dn:=groups)) no longer returns results [rhel-8.10.z]
- Resolves: RHEL-140272 - ipa-healthcheck is complaining about missing or
                          incorrectly configured system indexes. [rhel-8.10.z]

[1.4.3.39-20]
- Resolves: RHEL-140086 - Upgrading IDM to latest version: 389-ds-base and ipa-server breaks replication [rhel-8.10.z]

[1.4.3.39-19]
- Resolves: RHEL-117759 - Replication online reinitialization of a large database gets stalled. [rhel-8.10.z]

[1.4.3.39-18]
- Reverts: RHEL-123241 - Attribute uniqueness is not enforced upon modrdn operation [rhel-8.10.z]

[1.4.3.39-17]
- Resolves: RHEL-80491 - Can't rename users member of automember rule [rhel-8.10.z]
- Resolves: RHEL-87191 - Some replication status data are reset upon a restart. [rhel-8.10.z]
- Resolves: RHEL-89785 - Extend log of operations statistics in access log
- Resolves: RHEL-111226 - Error showing local password policy on web UI [rhel-8.10.z]
- Resolves: RHEL-113976 - AddressSanitizer: memory leak in memberof_add_memberof_attr [rhel-8.10.z]
- Resolves: RHEL-117457 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups
- Resolves: RHEL-117752 - Crash if repl keep alive entry can not be created [rhel-8.10.z]
- Resolves: RHEL-117759 - Replication online reinitialization of a large database gets stalled. [rhel-8.10.z]
- Resolves: RHEL-117765 - Statistics about index lookup report a wrong duration [rhel-8.10.z]
- Resolves: RHEL-123228 - Improve the way to detect asynchronous operations in the access logs [rhel-8.10.z]
- Resolves: RHEL-123241 - Attribute uniqueness is not enforced upon modrdn operation [rhel-8.10.z]
- Resolves: RHEL-123254 - Typo in errors log after a Memberof fixup task. [rhel-8.10.z]
- Resolves: RHEL-123269 - LDAP high CPU usage while handling indexes with IDL scan limit at INT_MAX [rhel-8.10.z]
- Resolves: RHEL-123276 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue [rhel-8.10.z]
- Resolves: RHEL-123363 - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default [rhel-8.10.z]
- Resolves: RHEL-123365 - IPA health check up script shows time skew is over 24 hours [rhel-8.10.z]
- Resolves: RHEL-123920 - Changelog trimming - add number of scanned entries to the log [rhel-8.10.z]
- Resolves: RHEL-126512 - Created user password hash available to see in audit log [rhel-8.10.z]
- Resolves: RHEL-129578 - Fix paged result search locking [rhel-8.10.z]
- Resolves: RHEL-130900 - On RHDS 12.6 The user password policy for a user was created, but the pwdpolicysubentry attribute for this user incorrectly points to the People OU password policy instead of the specific user policy. [rhel-8.10.z]

[1.4.3.39-15]
- Resolves: RHEL-109028 - Allow Uniqueness plugin to search uniqueness attributes using custom matching rules [rhel-8.10.z]

[1.4.3.39-14]
- Reverts: RHEL-80704 - Increased memory consumption caused by NDN cache [rhel-8.10.z]
- Resolves: RHEL-95442 - ns-slapd[xxxx]: segfault at 10d7d0d0 ip 00007ff734050cdb sp 00007ff6de9f1430 error 6 in libslapd.so.0.1.0[7ff733ec0000+1b3000] [rhel-8.10.z]

[1.4.3.39-13]
- Resolves: RHEL-89749 - Nested group does not receive memberOf attribute [rhel-8.10.z]
- Resolves: RHEL-89758 - dsidm Error: float() argument must be a string or a number, not 'NoneType' [rhel-8.10.z]
- Resolves: RHEL-89765 - Crash in __strlen_sse2 when using the nsRole filter rewriter. [rhel-8.10.z]
- Resolves: RHEL-89778 - RHDS12.2 NSMMReplicationPlugin - release_replica Unable to parse the response [rhel-8.10.z]

More information about the El-errata mailing list