Issued at: 2026-06-19
Updated at: 2026-06-21
Synopsis
Important: 389-ds-base security, bug fix, and enhancement update
Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Security Fix(es):
* 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS) (CVE-2026-9064)
Bug Fix(es) and Enhancement(s):
* DS 12 does not handle escape char in bind user [rhel-10.2.z] (JIRA:Rocky Linux-170271)
* dnaSharedConfig: "dnaPortNum: 0" [rhel-10.2.z] (JIRA:Rocky Linux-170276)
* Memory leaks in syncrepl plugin during persistent search operations [rhel-10.2.z] (JIRA:Rocky Linux-170281)
* access log - suspicious wtime optime negative and large values in internal op [rhel-10.2.z] (JIRA:Rocky Linux-170363)
* An online reinitialization with LMDB is terminating the receiving server [rhel-10.2.z] (JIRA:Rocky Linux-170478)
* dsctl healthcheck DSMOLE0001 inaccurate recommendations when there is more than 1 LDAP backend [rhel-10.2.z] (JIRA:Rocky Linux-170481)
* Possible memory leak when using the Retro Changelog plugin. [rhel-10.2.z] (JIRA:Rocky Linux-170515)
* [RFE] Add OS-level thread names to all server threads [rhel-10.2.z] (JIRA:Rocky Linux-174526)
* Online export is failing when using the option "-s" [rhel-10.2.z] (JIRA:Rocky Linux-180718)
* Server shutdown during online reindex may lead to data loss [rhel-10.2.z] (JIRA:Rocky Linux-183897)
* Error: NssSsl.add_cert() got an unexpected keyword argument 'input_file' [rhel-10.2.z] (JIRA:Rocky Linux-183898)
* Replication errors in logs [rhel-10.2.z] (JIRA:Rocky Linux-183899)
* Substring index produces empty results and can crash when non-default nsSubStrBegin/nsSubStrEnd lengths are configured [rhel-10.2.z] (JIRA:Rocky Linux-183900)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.