Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

openSUSE 389-ds Important Denial Of Service CVE-2026-9064 2026-2418-1

opensuse
Calendar Grey June 16, 2026
Dist Opensuse Esm H88
# Security update for 389-ds Announcement ID: SUSE-SU-2026:2418-1 Release Date: 2026-06-16T13:29:42Z
An update that solves one vulnerability can now be installed.

Description

This update for 389-ds fixes the following issue

Update to 2.2.10~git229.1fa7ffdb4:

* CVE-2026-9064: unbounded LDAP controls count in

`get_ldapmessage_controls_ext()` can lead to amplified CPU time and heap

allocation and a denial of service (bsc#1265898).

Changelog:

* Issue 7503 - CVE-2026-9064 - Add a limit to the number controls per

operation

* Issue 7457 - Refactor memberOf perf test (#7458)

* Issue 7431 - password policy - passwordBadWords is ignored in local policies

* Issue 7417 - UI - global password policy syntax settings missing

passwordMaxRepeats

* Issue 3555 - UI - Fix audit issue with npm - brace-expansion (#7411)

* Issue 7088 - Change log level for "Can't locate CSN" error message

* Issue 7423 - cleanup pblock after freeing pre/post entries

* Issue 7418 - Use-after-free in deferred memberof (#7419)

* Issue 7277 - UI - Fix Japanese translation errors errors in Cockpit UI

(#7386)

* Issue 7126 - WARN - keys2idl - received NULL...

Read the Full Advisory

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch SUSE-2026-2418=1

* SUSE Linux Enterprise Server 15 SP6 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2418=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2418=1

Package List

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)

* lib389-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* libsvrcore0-debuginfo-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* 389-ds-snmp-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* 389-ds-snmp-debuginfo-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* 389-ds-devel-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* 389-ds-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* libsvrcore0-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* 389-ds-debugsource-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* 389-ds-debuginfo-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)

* lib389-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* libsvrcore0-debuginfo-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* 389-ds-devel-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* 389-ds-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* libsvrcore0-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* 389-ds-debugsource-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* 389-ds-debuginfo-2.2.10~git229.1fa7ffdb4-150600.8.29.1

* SUSE Linux Enterprise...

Read the Full Advisory

References

* bsc#1265898

## References:

* https://www.suse.com/security/cve/CVE-2026-9064.html

* https://bugzilla.suse.com/show_bug.cgi?id=1265898

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2418-1
Release Date: 2026-06-16T13:29:42Z
Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.