RHSA-2026:26465 Red Hat Security Advisory: 389-ds-base security update

Bulletin has no description...

RHSA-2026:26464 Red Hat Security Advisory: 389-ds-base security update

Bulletin has no description...

RHSA-2026:26456 Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update

Bulletin has no description...

RHSA-2026:26457 Red Hat Security Advisory: 389-ds-base security update

Bulletin has no description...

RHSA-2026:26452 Red Hat Security Advisory: 389-ds-base security update

Bulletin has no description...

RHSA-2026:26453 Red Hat Security Advisory: 389-ds-base security update

Bulletin has no description...

Important: Red Hat Security Advisory: 389-ds-base security, bug fix, and enhancement update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

Linux Distros Unpatched Vulnerability : CVE-2026-11791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassin...

Amazon Linux 2 : 389-ds-base, --advisory ALAS2-2026-3339 (ALAS-2026-3339)

The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3339 advisory. A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound ...

Astra Linux - уязвимость в 389-ds-base

A heap overflow flaw was discovered in 389-ds-base. This issue causes a denial of service when writing a value larger than 256 characters in logentryattr...

Astra Linux - уязвимость в 389-ds-base

A flaw was discovered in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then any password will successfully match during authentication, instead of being inactive. This flaw allows an attacker to successfully authenticate as a user whose password h...

Astra Linux - уязвимость в 389-ds-base

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input...

PT-2026-42138

Name of the Vulnerable Software and Affected Versions 389-ds-base affected versions not specified Description A flaw exists in the LDAP server where the get ldapmessage controls ext function fails to enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated...

Astra Linux – Vulnerability in the 389-DS-base

A flaw was discovered in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can access a NULL pointer dereferencing using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is associated with an incomple...

Astra Linux – Vulnerability in slapi-nis

A flaw was discovered in slapi-nis in versions prior to 0.56.7. A NULL pointer dereferencing during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The greatest threat from this vulnerability is to system availability...

Astra Linux – Vulnerability in the 389-DS-base

A flaw has been discovered in 389-ds-base versions 1.4.x.x prior to 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker who can view the screen or record the terminal’s standard error outpu...

TencentOS Server 3: 389-ds:1.4 (TSSA-2026:0243)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0243 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0072: 389-ds:1.4 (ALINUX3-SA-2026:0072)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0072 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-14905: A flaw was found in the 389-ds-base...

Oracle Linux 7 : 389-ds-base (ELSA-2026-6220)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6220 advisory. - Security fix for CVE-2025-14905 Orabug: 39146844 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...