389 Directory Server: Remote Code Execution and Denial of Service
RLSA-2026:5513
Summary
A critical security update is available for 389 Directory Server, which could allow an attacker to take control of a server or make it unavailable. This update is recommended to prevent potential security breaches. Update your 389 Directory Server to the latest version as soon as possible.
What to do
- Update 389-ds-base to version 0:1.4.3.39-23.module+el8.10.0+40135+69dd2a79.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | 389-ds-base | <= 0:1.4.3.39-23.module+el8.10.0+40135+69dd2a79 | 0:1.4.3.39-23.module+el8.10.0+40135+69dd2a79 |
Original title
Moderate: 389-ds:1.4 security update
Original description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Security Fix(es):
* 389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow (CVE-2025-14905)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVSS 3.1 (osv): 7.2
References
- https://errata.rockylinux.org/RLSA-2026:5513 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2423624 (Third Party Advisory)
Published: 7 Apr 2026 · Updated: 7 Apr 2026 · First seen: 7 Apr 2026