SUSE-RU-2025:3693-1: important: Recommended update for 389-ds

SLE-UPDATES null at suse.de
Tue Oct 21 08:31:53 UTC 2025 


# Recommended update for 389-ds

Announcement ID: SUSE-RU-2025:3693-1  
Release Date: 2025-10-21T05:47:29Z  
Rating: important  
References:

  * bsc#1243428
  * bsc#1249033

  
Affected Products:

  * openSUSE Leap 15.6
  * Server Applications Module 15-SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

  
  
An update that has two fixes can now be installed.

## Description:

This update for 389-ds fixes the following issues:

  * prevent segfault on extremely large queries (bsc#1249033).
  * do not delete referrals on chain_on_update backend
  * prevent stack depth being hit
  * resolve infinite loop due when loading RUV entryrdn (bsc#1243428)
  * The parentId attribute is indexed with improper matching rule
  * When deferred memberof update is enabled after the server crashed it should
    not launch memberof fixup task by default
  * Compilation failure with rust-1.89 on Fedora ELN
  * statistics about index lookup report a wrong duration
  * Fix memory leaks
  * dsconf monitor server fails with ldapi:// due to absent server ID
  * Make user/subtree policy creation idempotent
  * AddressSanitizer: leak in agmt_update_init_status
  * AddressSanitizer: leak in do_search
  * AddressSanitizer: memory leak in mdb_init
  * Memory leak in roles_cache_create_object_from_entry part 2
  * Memory leak in roles_cache_create_object_from_entry
  * RFE - Allow system to manage uid/gid at startup
  * Adjust xfail marks
  * ns-slapd crashes when a referral is added
  * CLI - Fix default error log level
  * Fix disk monitoring test failures and improve test maintainability
  * Mask password hashes in audit logs
  * Add test for numSubordinates replication consistency with tombstones
  * Add test for entryUSN overflow on failed add operations
  * Crash if repl keep alive entry can not be created
  * Log user that is updated during password modify extended operation
  * dsconf - Replicas with the "consumer" role allow for viewing and
    modification of their changelog.
  * instance read-only mode is broken
  * Prevent repeated disconnect logs during shutdown
  * compressed log rotation creates files with world readable permission
  * str2filter is not fully applying matching rules
  * CLI, UI - Properly handle disabled NDN cache
  * uiduniq: allow specifying match rules in the filter
  * lib389/replica.py is using nonexistent datetime.UTC in Python 3.9
  * Backend creation cleanup and Database UI tab error handling
  * Improve paged result locking
  * Synchronise accept_thread with slapd_daemon
  * RootDN Access Control Plugin with wildcards for IP addre…
  * Exception thrown by dsconf instance repl get_ruv
  * Incorrect pwdpolicysubentry returned for an entry with user password policy
  * Update concread to 0.5.6
  * Add a CI test
  * Password modify extended operation should skip password policy checks when
    executed by root DN
  * dsconf backend replication monitor fails if replica id starts with 0
  * NPE after configuring invalid filtered role
  * modrdn fails when a user is member of multiple groups
  * Enabling audit log makes slapd coredump
  * CI fails with Fedora 41 and DNF5
  * Improve error message when bulk import connection is closed

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6  
    zypper in -t patch SUSE-2025-3693=1 openSUSE-SLE-15.6-2025-3693=1

  * Server Applications Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3693=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * libsvrcore0-2.2.10~git146.78a60e3ac-150600.8.23.1
    * 389-ds-devel-2.2.10~git146.78a60e3ac-150600.8.23.1
    * 389-ds-snmp-2.2.10~git146.78a60e3ac-150600.8.23.1
    * 389-ds-debuginfo-2.2.10~git146.78a60e3ac-150600.8.23.1
    * libsvrcore0-debuginfo-2.2.10~git146.78a60e3ac-150600.8.23.1
    * lib389-2.2.10~git146.78a60e3ac-150600.8.23.1
    * 389-ds-snmp-debuginfo-2.2.10~git146.78a60e3ac-150600.8.23.1
    * 389-ds-2.2.10~git146.78a60e3ac-150600.8.23.1
    * 389-ds-debugsource-2.2.10~git146.78a60e3ac-150600.8.23.1
  * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * libsvrcore0-2.2.10~git146.78a60e3ac-150600.8.23.1
    * 389-ds-devel-2.2.10~git146.78a60e3ac-150600.8.23.1
    * 389-ds-debuginfo-2.2.10~git146.78a60e3ac-150600.8.23.1
    * libsvrcore0-debuginfo-2.2.10~git146.78a60e3ac-150600.8.23.1
    * lib389-2.2.10~git146.78a60e3ac-150600.8.23.1
    * 389-ds-2.2.10~git146.78a60e3ac-150600.8.23.1
    * 389-ds-debugsource-2.2.10~git146.78a60e3ac-150600.8.23.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1243428
  * https://bugzilla.suse.com/show_bug.cgi?id=1249033

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20251021/85b8269b/attachment.htm>

More information about the sle-updates mailing list