ELSA-2026-3208

ELSA-2026-3208 - 389-ds-base security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2026-02-24

Description

[3.1.3-7]
- Bump version to 3.1.3-7
- Resolves: RHEL-117764 - Replication online reinitialization of a large
database gets stalled. [rhel-10.1.z]
- Resolves: RHEL-123274 - LDAP high CPU usage while handling indexes with
IDL scan limit at INT_MAX [rhel-10.1.z]
- Resolves: RHEL-123281 - The new ipahealthcheck test
ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue
[rhel-10.1.z]
- Resolves: RHEL-123370 - IPA health check up script shows time skew is
over 24 hours [rhel-10.1.z]
- Resolves: RHEL-129560 - Online initialization of consumers fails with
error -23 [rhel-10.1.z]
- Resolves: RHEL-137071 - CVE-2025-14905 389-ds-base: Remote Code Execution
and Denial of Service via heap buffer overflow [rhel-10.1.z]
- Resolves: RHEL-138484 - Memory leak observed in ns-slapd with 389-ds-
base-2.6.1-12 [rhel-10.1.z]
- Resolves: RHEL-140091 - Upgrading IDM to latest version: 389-ds-base and
ipa-server breaks replication [rhel-10.1.z]
- Resolves: RHEL-142981 - Scalability issue of replication online
initialization with large database [rhel-10.1.z]
- Resolves: RHEL-146896 - memory corruption in alias entry plugin
[rhel-10.1.z]
- Resolves: RHEL-147213 - Access logs are not getting deleted as
configured. [rhel-10.1.z]
- Resolves: RHEL-150908 - Remove memberof_del_dn_from_groups from MemberOf
plugin [rhel-10.1.z]

[3.1.3-6]
- Resolves: RHEL-117764 - Replication online reinitialization of a large
database gets stalled. [rhel-10.1.z]
- Resolves: RHEL-117773 - When the server restarts after a crash, the RFE
assumes memberof should be recomputed. It triggers a memberof fixup task,
dirsrv became unresponsive. [rhel-10.1.z]
- Resolves: RHEL-123233 - Improve the way to detect asynchronous operations
in the access logs [rhel-10.1.z]
- Resolves: RHEL-123246 - Attribute uniqueness is not enforced upon modrdn
operation [rhel-10.1.z]
- Resolves: RHEL-123260 - Typo in errors log after a Memberof fixup task.
[rhel-10.1.z]
- Resolves: RHEL-123274 - LDAP high CPU usage while handling indexes with
IDL scan limit at INT_MAX [rhel-10.1.z]
- Resolves: RHEL-123281 - The new ipahealthcheck test
ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue
[rhel-10.1.z]
- Resolves: RHEL-123370 - IPA health check up script shows time skew is
over 24 hours [rhel-10.1.z]
- Resolves: RHEL-123768 - 389-ds-base OpenScanHub Leaks Detected
[rhel-10.1.z]
- Resolves: RHEL-123854 - Units for changing MDB max size are not
consistent across different tools [rhel-10.1.z]
- Resolves: RHEL-123895 - Improve output dsctl dbverify when backend does
not exist [rhel-10.1.z]
- Resolves: RHEL-123898 - [WebUI] Replication tab crashes after enabling
replication as a consumer [rhel-10.1.z]
- Resolves: RHEL-126554 - RHDS 12.6 doesn't handle 'ldapsearch' filter with
space char in DN name correctly [rhel-10.1.z]
- Resolves: RHEL-129560 - Online initialization of consumers fails with
error -23 [rhel-10.1.z]
- Resolves: RHEL-129581 - Fix paged result search locking [rhel-10.1.z]
- Resolves: RHEL-138484 - Memory leak observed in ns-slapd with 389-ds-
base-2.6.1-12 [rhel-10.1.z]
- Resolves: RHEL-138487 - RetroCL plugin generates invalid LDIF
[rhel-10.1.z]
- Resolves: RHEL-140091 - Upgrading IDM to latest version: 389-ds-base and
ipa-server breaks replication [rhel-10.1.z]
- Resolves: RHEL-140277 - ipa-healthcheck is complaining about missing or
incorrectly configured system indexes. [rhel-10.1.z]

Related CVEs

CVE-2025-14905

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 10 (aarch64)	389-ds-base-3.1.3-7.el10_1.src.rpm	4717f1d6983b2a5e1bb17ca08feb4eff914af7f391c22a94710a801fee7007a1	-	ol10_aarch64_appstream
	389-ds-base-3.1.3-7.el10_1.src.rpm	4717f1d6983b2a5e1bb17ca08feb4eff914af7f391c22a94710a801fee7007a1	-	ol10_aarch64_codeready_builder
	389-ds-base-3.1.3-7.el10_1.aarch64.rpm	70c28641d9a5218e56b7a7dc0ddb0c3e20b9286d732721d5bf7c4270c3dac61d	-	ol10_aarch64_appstream
	389-ds-base-bdb-3.1.3-7.el10_1.aarch64.rpm	f965bd66582e9a0f20850386ec704e33a4d0b36c09d0c410eed89841f94e11f9	-	ol10_aarch64_codeready_builder
	389-ds-base-devel-3.1.3-7.el10_1.aarch64.rpm	d95134f9634a6b08e72fe80e98f28da577f99184c02deea8b137d392c9defd4e	-	ol10_aarch64_codeready_builder
	389-ds-base-libs-3.1.3-7.el10_1.aarch64.rpm	add03aa4c9c51fd3fe4d8ca94620f1c21e3f49c5b83992107f2b09290ebec3b4	-	ol10_aarch64_appstream
	389-ds-base-snmp-3.1.3-7.el10_1.aarch64.rpm	f5d04969f027dcec4a548c7498f7f96b706bf3447895075792dc183d5780b921	-	ol10_aarch64_appstream
	python3-lib389-3.1.3-7.el10_1.noarch.rpm	19896579680223db5ec320b10cdb6a829a253a977996d7e5ddc922106bba0723	-	ol10_aarch64_appstream
Oracle Linux 10 (x86_64)	389-ds-base-3.1.3-7.el10_1.src.rpm	4717f1d6983b2a5e1bb17ca08feb4eff914af7f391c22a94710a801fee7007a1	-	ol10_x86_64_appstream
	389-ds-base-3.1.3-7.el10_1.src.rpm	4717f1d6983b2a5e1bb17ca08feb4eff914af7f391c22a94710a801fee7007a1	-	ol10_x86_64_codeready_builder
	389-ds-base-3.1.3-7.el10_1.x86_64.rpm	1dcb0f8a13735aba1d35c88c99d4b5877f6f8cbbf664295a527b279d4b5d4240	-	ol10_x86_64_appstream
	389-ds-base-bdb-3.1.3-7.el10_1.x86_64.rpm	61f80c9df0127a5108b1d9c501049c997411175b14c547634525048ae1ba0d1e	-	ol10_x86_64_codeready_builder
	389-ds-base-devel-3.1.3-7.el10_1.x86_64.rpm	a032f60cc030f8bc93b564a593b0d25de19a921dcf3ccf40f0fab4f715c0f5a2	-	ol10_x86_64_codeready_builder
	389-ds-base-libs-3.1.3-7.el10_1.x86_64.rpm	fdf13d5e057fab46275e9c13db94de4282c9c0bdfc110d61569772b924c55afd	-	ol10_x86_64_appstream
	389-ds-base-snmp-3.1.3-7.el10_1.x86_64.rpm	6b966391b62190c62c5310d425cc96ed943b4a192e6bc2ed8ef2f07a56f02997	-	ol10_x86_64_appstream
	python3-lib389-3.1.3-7.el10_1.noarch.rpm	19896579680223db5ec320b10cdb6a829a253a977996d7e5ddc922106bba0723	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team