Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:36198 - Security Advisory
Issued:
2026-07-07
Updated:
2026-07-07

RHSA-2026:36198 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: 389-ds-base security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

  • 389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND (CVE-2026-11610)
  • 389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow (CVE-2026-11774)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes

  • BZ - 2484414 - CVE-2026-11610 389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND
  • BZ - 2484916 - CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in SASL packet length bypasses size limit leading to heap buffer overflow

CVEs

  • CVE-2026-11610
  • CVE-2026-11774

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
389-ds-base-2.4.5-26.el9_4.src.rpm SHA-256: 2bea4e2544e81fc90a445f1d04ac11ba29ef03a6c6b24771fdc339c40e9b757b
x86_64
389-ds-base-2.4.5-26.el9_4.x86_64.rpm SHA-256: ad5c9e825a698153e66e7d5524c6cfb53e2b3953275756fd87a1e55d71b0f59d
389-ds-base-debuginfo-2.4.5-26.el9_4.x86_64.rpm SHA-256: 8bcaf8dd5412349e0158e4ba31bc823fb9682feb95dc09f7d20ecc935e77b0ad
389-ds-base-debugsource-2.4.5-26.el9_4.x86_64.rpm SHA-256: b2dfac2f8afaefc8c2c421f359046820a11bf90d02630f8ad1f8c4e299f1e44e
389-ds-base-libs-2.4.5-26.el9_4.x86_64.rpm SHA-256: 8ce3d4201f373db634d85e48d1ae4cc43628c9048b1ef407396d1f8438f5cc6a
389-ds-base-libs-debuginfo-2.4.5-26.el9_4.x86_64.rpm SHA-256: 36c4231ee138facf56871d942d609ad51faa1ae534921f60f4e6de9ee64fa6aa
389-ds-base-snmp-debuginfo-2.4.5-26.el9_4.x86_64.rpm SHA-256: 91c6ea9439c34c1d0b65e96df9045b743c3d8ea1dd7cbd49fa874561064e6561
python3-lib389-2.4.5-26.el9_4.noarch.rpm SHA-256: 3d2cbd60a8facc35027050c8601d0f56cc08303d70287e10493805e78d4c5e43

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
389-ds-base-2.4.5-26.el9_4.src.rpm SHA-256: 2bea4e2544e81fc90a445f1d04ac11ba29ef03a6c6b24771fdc339c40e9b757b
ppc64le
389-ds-base-2.4.5-26.el9_4.ppc64le.rpm SHA-256: a2dcfaf08405ea7b95effb00088f783e69865da22d536dfa88a2d852928863bc
389-ds-base-debuginfo-2.4.5-26.el9_4.ppc64le.rpm SHA-256: 1ad8f09e15d9f3b30f08a4c30e4e0dadb44f171f2b586b4ca6c7de43799678b6
389-ds-base-debugsource-2.4.5-26.el9_4.ppc64le.rpm SHA-256: 0a12ff7561e170756f2ebbd237caf6bcb1c80b485d9a1b7bbecc2054535015f3
389-ds-base-libs-2.4.5-26.el9_4.ppc64le.rpm SHA-256: 65dae3e318f43b654eb234f911cc659eb4be91ee9f3b79e97cb5831eccb65a83
389-ds-base-libs-debuginfo-2.4.5-26.el9_4.ppc64le.rpm SHA-256: c02aa9459dfe6084166a40e6606bb58bca6292df75c60c2744780019bbc4872c
389-ds-base-snmp-debuginfo-2.4.5-26.el9_4.ppc64le.rpm SHA-256: c98c454e538ae007d2804e84b6c38584655bed3866e1de6b93e7ccddc0baf058
python3-lib389-2.4.5-26.el9_4.noarch.rpm SHA-256: 3d2cbd60a8facc35027050c8601d0f56cc08303d70287e10493805e78d4c5e43

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
389-ds-base-2.4.5-26.el9_4.src.rpm SHA-256: 2bea4e2544e81fc90a445f1d04ac11ba29ef03a6c6b24771fdc339c40e9b757b
x86_64
389-ds-base-2.4.5-26.el9_4.x86_64.rpm SHA-256: ad5c9e825a698153e66e7d5524c6cfb53e2b3953275756fd87a1e55d71b0f59d
389-ds-base-debuginfo-2.4.5-26.el9_4.x86_64.rpm SHA-256: 8bcaf8dd5412349e0158e4ba31bc823fb9682feb95dc09f7d20ecc935e77b0ad
389-ds-base-debugsource-2.4.5-26.el9_4.x86_64.rpm SHA-256: b2dfac2f8afaefc8c2c421f359046820a11bf90d02630f8ad1f8c4e299f1e44e
389-ds-base-libs-2.4.5-26.el9_4.x86_64.rpm SHA-256: 8ce3d4201f373db634d85e48d1ae4cc43628c9048b1ef407396d1f8438f5cc6a
389-ds-base-libs-debuginfo-2.4.5-26.el9_4.x86_64.rpm SHA-256: 36c4231ee138facf56871d942d609ad51faa1ae534921f60f4e6de9ee64fa6aa
389-ds-base-snmp-debuginfo-2.4.5-26.el9_4.x86_64.rpm SHA-256: 91c6ea9439c34c1d0b65e96df9045b743c3d8ea1dd7cbd49fa874561064e6561
python3-lib389-2.4.5-26.el9_4.noarch.rpm SHA-256: 3d2cbd60a8facc35027050c8601d0f56cc08303d70287e10493805e78d4c5e43

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
389-ds-base-2.4.5-26.el9_4.src.rpm SHA-256: 2bea4e2544e81fc90a445f1d04ac11ba29ef03a6c6b24771fdc339c40e9b757b
aarch64
389-ds-base-2.4.5-26.el9_4.aarch64.rpm SHA-256: 7d6c061ed9f516bd1102c6cdad87362c61f1d70d4e5d7506533c252891e053ee
389-ds-base-debuginfo-2.4.5-26.el9_4.aarch64.rpm SHA-256: 917a7ee3edf06e821450b24530de371051fdc9aaaee0beded133fba8bd68a33b
389-ds-base-debugsource-2.4.5-26.el9_4.aarch64.rpm SHA-256: 3e1a153f6e8750d27311da5664be176c13334aa36a19d4da5daac152a5bbfb65
389-ds-base-libs-2.4.5-26.el9_4.aarch64.rpm SHA-256: 08c81233ea75a12a875d504491c46f87a22e8681f0159ee998e62a72e2e4cc28
389-ds-base-libs-debuginfo-2.4.5-26.el9_4.aarch64.rpm SHA-256: 4bcf81e33e902659af65b3d6c85bcce1cf929ba1333a72b33dfb7c3bbcd4e6d0
389-ds-base-snmp-debuginfo-2.4.5-26.el9_4.aarch64.rpm SHA-256: c1ab4cb3602d53299813483fa63a16ac12395f688c7eb5e9069f88387f75fdad
python3-lib389-2.4.5-26.el9_4.noarch.rpm SHA-256: 3d2cbd60a8facc35027050c8601d0f56cc08303d70287e10493805e78d4c5e43

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
389-ds-base-2.4.5-26.el9_4.src.rpm SHA-256: 2bea4e2544e81fc90a445f1d04ac11ba29ef03a6c6b24771fdc339c40e9b757b
s390x
389-ds-base-2.4.5-26.el9_4.s390x.rpm SHA-256: 981051a615465a1121ba88a14eadb2175c0fb98257405e225a3b165d53a5f66d
389-ds-base-debuginfo-2.4.5-26.el9_4.s390x.rpm SHA-256: 2f1f0645546d9375b2ab776f4dbf62643dd8eeab675af0d86b18abcefc007839
389-ds-base-debugsource-2.4.5-26.el9_4.s390x.rpm SHA-256: 13bfd904dfe010d2ba71cd3f618b936f4531f7e1076edab021cf348c1deec807
389-ds-base-libs-2.4.5-26.el9_4.s390x.rpm SHA-256: a4171b61d2f8322ec97ba0063d22feed80b1c8c155054e68c8a79de7c04d7c15
389-ds-base-libs-debuginfo-2.4.5-26.el9_4.s390x.rpm SHA-256: f904ae9a97bfd72930d0a27ef6dd95ca07633f50ab1f74f4805c437ced275230
389-ds-base-snmp-debuginfo-2.4.5-26.el9_4.s390x.rpm SHA-256: d60562fa133c8dc4e9b5235a52056ff1141ce1d50ea4add357a8d9412b3ccd25
python3-lib389-2.4.5-26.el9_4.noarch.rpm SHA-256: 3d2cbd60a8facc35027050c8601d0f56cc08303d70287e10493805e78d4c5e43

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
389-ds-base-2.4.5-26.el9_4.src.rpm SHA-256: 2bea4e2544e81fc90a445f1d04ac11ba29ef03a6c6b24771fdc339c40e9b757b
x86_64
389-ds-base-2.4.5-26.el9_4.x86_64.rpm SHA-256: ad5c9e825a698153e66e7d5524c6cfb53e2b3953275756fd87a1e55d71b0f59d
389-ds-base-debuginfo-2.4.5-26.el9_4.x86_64.rpm SHA-256: 8bcaf8dd5412349e0158e4ba31bc823fb9682feb95dc09f7d20ecc935e77b0ad
389-ds-base-debugsource-2.4.5-26.el9_4.x86_64.rpm SHA-256: b2dfac2f8afaefc8c2c421f359046820a11bf90d02630f8ad1f8c4e299f1e44e
389-ds-base-libs-2.4.5-26.el9_4.x86_64.rpm SHA-256: 8ce3d4201f373db634d85e48d1ae4cc43628c9048b1ef407396d1f8438f5cc6a
389-ds-base-libs-debuginfo-2.4.5-26.el9_4.x86_64.rpm SHA-256: 36c4231ee138facf56871d942d609ad51faa1ae534921f60f4e6de9ee64fa6aa
389-ds-base-snmp-debuginfo-2.4.5-26.el9_4.x86_64.rpm SHA-256: 91c6ea9439c34c1d0b65e96df9045b743c3d8ea1dd7cbd49fa874561064e6561
python3-lib389-2.4.5-26.el9_4.noarch.rpm SHA-256: 3d2cbd60a8facc35027050c8601d0f56cc08303d70287e10493805e78d4c5e43

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
389-ds-base-2.4.5-26.el9_4.src.rpm SHA-256: 2bea4e2544e81fc90a445f1d04ac11ba29ef03a6c6b24771fdc339c40e9b757b
aarch64
389-ds-base-2.4.5-26.el9_4.aarch64.rpm SHA-256: 7d6c061ed9f516bd1102c6cdad87362c61f1d70d4e5d7506533c252891e053ee
389-ds-base-debuginfo-2.4.5-26.el9_4.aarch64.rpm SHA-256: 917a7ee3edf06e821450b24530de371051fdc9aaaee0beded133fba8bd68a33b
389-ds-base-debugsource-2.4.5-26.el9_4.aarch64.rpm SHA-256: 3e1a153f6e8750d27311da5664be176c13334aa36a19d4da5daac152a5bbfb65
389-ds-base-libs-2.4.5-26.el9_4.aarch64.rpm SHA-256: 08c81233ea75a12a875d504491c46f87a22e8681f0159ee998e62a72e2e4cc28
389-ds-base-libs-debuginfo-2.4.5-26.el9_4.aarch64.rpm SHA-256: 4bcf81e33e902659af65b3d6c85bcce1cf929ba1333a72b33dfb7c3bbcd4e6d0
389-ds-base-snmp-debuginfo-2.4.5-26.el9_4.aarch64.rpm SHA-256: c1ab4cb3602d53299813483fa63a16ac12395f688c7eb5e9069f88387f75fdad
python3-lib389-2.4.5-26.el9_4.noarch.rpm SHA-256: 3d2cbd60a8facc35027050c8601d0f56cc08303d70287e10493805e78d4c5e43

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
389-ds-base-2.4.5-26.el9_4.src.rpm SHA-256: 2bea4e2544e81fc90a445f1d04ac11ba29ef03a6c6b24771fdc339c40e9b757b
ppc64le
389-ds-base-2.4.5-26.el9_4.ppc64le.rpm SHA-256: a2dcfaf08405ea7b95effb00088f783e69865da22d536dfa88a2d852928863bc
389-ds-base-debuginfo-2.4.5-26.el9_4.ppc64le.rpm SHA-256: 1ad8f09e15d9f3b30f08a4c30e4e0dadb44f171f2b586b4ca6c7de43799678b6
389-ds-base-debugsource-2.4.5-26.el9_4.ppc64le.rpm SHA-256: 0a12ff7561e170756f2ebbd237caf6bcb1c80b485d9a1b7bbecc2054535015f3
389-ds-base-libs-2.4.5-26.el9_4.ppc64le.rpm SHA-256: 65dae3e318f43b654eb234f911cc659eb4be91ee9f3b79e97cb5831eccb65a83
389-ds-base-libs-debuginfo-2.4.5-26.el9_4.ppc64le.rpm SHA-256: c02aa9459dfe6084166a40e6606bb58bca6292df75c60c2744780019bbc4872c
389-ds-base-snmp-debuginfo-2.4.5-26.el9_4.ppc64le.rpm SHA-256: c98c454e538ae007d2804e84b6c38584655bed3866e1de6b93e7ccddc0baf058
python3-lib389-2.4.5-26.el9_4.noarch.rpm SHA-256: 3d2cbd60a8facc35027050c8601d0f56cc08303d70287e10493805e78d4c5e43

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
389-ds-base-2.4.5-26.el9_4.src.rpm SHA-256: 2bea4e2544e81fc90a445f1d04ac11ba29ef03a6c6b24771fdc339c40e9b757b
s390x
389-ds-base-2.4.5-26.el9_4.s390x.rpm SHA-256: 981051a615465a1121ba88a14eadb2175c0fb98257405e225a3b165d53a5f66d
389-ds-base-debuginfo-2.4.5-26.el9_4.s390x.rpm SHA-256: 2f1f0645546d9375b2ab776f4dbf62643dd8eeab675af0d86b18abcefc007839
389-ds-base-debugsource-2.4.5-26.el9_4.s390x.rpm SHA-256: 13bfd904dfe010d2ba71cd3f618b936f4531f7e1076edab021cf348c1deec807
389-ds-base-libs-2.4.5-26.el9_4.s390x.rpm SHA-256: a4171b61d2f8322ec97ba0063d22feed80b1c8c155054e68c8a79de7c04d7c15
389-ds-base-libs-debuginfo-2.4.5-26.el9_4.s390x.rpm SHA-256: f904ae9a97bfd72930d0a27ef6dd95ca07633f50ab1f74f4805c437ced275230
389-ds-base-snmp-debuginfo-2.4.5-26.el9_4.s390x.rpm SHA-256: d60562fa133c8dc4e9b5235a52056ff1141ce1d50ea4add357a8d9412b3ccd25
python3-lib389-2.4.5-26.el9_4.noarch.rpm SHA-256: 3d2cbd60a8facc35027050c8601d0f56cc08303d70287e10493805e78d4c5e43

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility