Description
ELSA-2026-3208: 389-ds-base security update (MODERATE)
[3.1.3-7]
- Bump version to 3.1.3-7
- Resolves: RHEL-117764 - Replication online reinitialization of a large database gets stalled. [rhel-10.1.z]
- Resolves: RHEL-123274 - LDAP high CPU usage while handling indexes with IDL scan limit at INT_MAX [rhel-10.1.z]
- Resolves: RHEL-123281 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue [rhel-10.1.z]
- Resolves: RHEL-123370 - IPA health check up script shows time skew is over 24 hours [rhel-10.1.z]
- Resolves: RHEL-129560 - Online initialization of consumers fails with error -23 [rhel-10.1.z]
- Resolves: RHEL-137071 - CVE-2025-14905 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow [rhel-10.1.z]
- Resolves: RHEL-138484 - Memory leak observed in ns-slapd with 389-ds-base-2.6.1-12 [rhel-10.1.z]
- Resolves: RHEL-140091 - Upgrading IDM to latest version: 389-ds-base and ipa-server breaks replication [rhel-10.1.z]
- Resolves: RHEL-142981 - Scalability issue of replication online initialization with large database [rhel-10.1.z]
- Resolves: RHEL-146896 - memory corruption in alias entry plugin [rhel-10.1.z]
- Resolves: RHEL-147213 - Access logs are not getting deleted as configured. [rhel-10.1.z]
- Resolves: RHEL-150908 - Remove memberof_del_dn_from_groups from MemberOf plugin [rhel-10.1.z]
[3.1.3-6]
- Resolves: RHEL-117764 - Replication online reinitialization of a large database gets stalled. [rhel-10.1.z]
- Resolves: RHEL-117773 - When the server restarts after a crash, the RFE assumes memberof should be recomputed. It triggers a memberof fixup task and dirsrv became unresponsive. [rhel-10.1.z]
- Resolves: RHEL-123233 - Improve the way to detect asynchronous operations in the access logs [rhel-10.1.z]
- Resolves: RHEL-123246 - Attribute uniqueness is not enforced upon modrdn operation [rhel-10.1.z]
- Resolves: RHEL-123260 - Typo in errors log after a Memberof fixup task. [rhel-10.1.z]
- Resolves: RHEL-123274 - LDAP high CPU usage while handling indexes with IDL scan limit at INT_MAX [rhel-10.1.z]
- Resolves: RHEL-123281 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue [rhel-10.1.z]
- Resolves: RHEL-123370 - IPA health check up script shows time skew is over 24 hours [rhel-10.1.z]
- Resolves: RHEL-123768 - 389-ds-base OpenScanHub Leaks Detected [rhel-10.1.z]
- Resolves: RHEL-123854 - Units for changing MDB max size are not consistent across different tools [rhel-10.1.z]
- Resolves: RHEL-123895 - Improve output dsctl dbverify when backend does not exist [rhel-10.1.z]
- Resolves: RHEL-123898 - [WebUI] Replication tab crashes after enabling replication as a consumer [rhel-10.1.z]
- Resolves: RHEL-126554 - RHDS 12.6 doesn't handle 'ldapsearch' filter with space char in DN name correctly [rhel-10.1.z]
- Resolves: RHEL-129560 - Online initialization of consumers fails with error -23 [rhel-10.1.z]
- Resolves: RHEL-129581 - Fix paged result search locking [rhel-10.1.z]
- Resolves: RHEL-138484 - Memory leak observed in ns-slapd with 389-ds-base-2.6.1-12 [rhel-10.1.z]
- Resolves: RHEL-138487 - RetroCL plugin generates invalid LDIF [rhel-10.1.z]
- Resolves: RHEL-140091 - Upgrading IDM to latest version: 389-ds-base and ipa-server breaks replication [rhel-10.1.z]
- Resolves: RHEL-140277 - ipa-healthcheck is complaining about missing or incorrectly configured system indexes. [rhel-10.1.z]
Updated packages
Oracle Linux 10
Oracle Linux aarch64
- 389-ds-base 3.1.3-7.el10_1
- 389-ds-base-bdb 3.1.3-7.el10_1
- 389-ds-base-devel 3.1.3-7.el10_1
- 389-ds-base-libs 3.1.3-7.el10_1
- 389-ds-base-snmp 3.1.3-7.el10_1
- python3-lib389 3.1.3-7.el10_1
Oracle Linux x86_64
- 389-ds-base 3.1.3-7.el10_1
- 389-ds-base-bdb 3.1.3-7.el10_1
- 389-ds-base-devel 3.1.3-7.el10_1
- 389-ds-base-libs 3.1.3-7.el10_1
- 389-ds-base-snmp 3.1.3-7.el10_1
- python3-lib389 3.1.3-7.el10_1
Related CVEs
Related vulnerabilities
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).
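As an added illustration of the sizing error class the description names (a constructed example, not 389-ds-base code; the `( 'a' 'b' )` rendering format and all function names are assumptions), the naive sum of alias lengths is shown beside an exact accounting that also refuses to write when the caller's buffer is too small:

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: render an alias list in an assumed schema-style
 * form "( 'alias1' 'alias2' )". Not the 389-ds-base implementation. */

/* The undersized estimate: raw alias lengths only, none of the
 * quotes, spaces or parentheses that the rendered text also needs. */
static size_t alias_list_len_naive(const char **aliases, size_t n)
{
    size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        len += strlen(aliases[i]);
    }
    return len;
}

/* Exact byte count (excluding the NUL) of the rendered list. */
static size_t alias_list_len(const char **aliases, size_t n)
{
    size_t len = 2;                        /* "( " */
    for (size_t i = 0; i < n; i++) {
        len += strlen(aliases[i]) + 3;     /* quote, alias, quote, space */
    }
    return len + 1;                        /* ")" */
}

/* Render into buf of capacity cap. Returns bytes written, or (size_t)-1
 * when the buffer cannot hold the text plus its NUL terminator. */
static size_t render_alias_list(const char **aliases, size_t n,
                                char *buf, size_t cap)
{
    size_t need = alias_list_len(aliases, n);
    if (cap < need + 1) {
        return (size_t)-1;                 /* refuse rather than overflow */
    }
    size_t off = 0;
    off += (size_t)snprintf(buf + off, cap - off, "( ");
    for (size_t i = 0; i < n; i++) {
        off += (size_t)snprintf(buf + off, cap - off, "'%s' ", aliases[i]);
    }
    off += (size_t)snprintf(buf + off, cap - off, ")");
    return off;
}

int main(void)
{
    const char *aliases[] = {"cn", "commonName"};   /* constructed input */
    char buf[64];
    size_t written = render_alias_list(aliases, 2, buf, sizeof buf);
    printf("naive=%zu exact=%zu written=%zu text=%s\n",
           alias_list_len_naive(aliases, 2), alias_list_len(aliases, 2),
           written, buf);
    return 0;
}
```

Sizing a buffer from the naive count and then writing the formatted text into it is exactly the mismatch that turns into a heap overflow once enough aliases are present; the exact count plus the capacity check is the pattern to look for in review.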