This update for 389-ds to version 1.4.0.26 fixes the following issues: Security issues fixed: - CVE-2016-5416: Fixed an information disclosure where a anonymous user could read the default ACI . - CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF_8 . - CVE-2018-1089: Fixed a buffer overflow via large filter value . - CVE-2018-10871: Fixed an information disclosure in certain plugins leading to the disclosure of plaintext password to an privileged attackers . - CVE-2018-14638: Fixed a denial of service through a crash in delete_passwdPolicy . - CVE-2018-14648: Fixed a denial of service caused by malformed values in search queries . - CVE-2018-10935: Fixed a denial of service related to ldapsearch with server side sort . - CVE-2019-3883: Fixed a denial of service caused by hanging LDAP requests over TLS .