Ubuntu alert USN-8228-1 (exim4)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8228-1] Exim vulnerabilities | |
| Date: | Mon, 04 May 2026 13:52:01 +0000 | |
| Message-ID: | <E1wJtiL-0006Sw-UL@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8228-1 May 04, 2026 exim4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Exim. Software Description: - exim4: Exim is a mail transport agent Details: It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-40686) It was discovered that Exim incorrectly handled SPA authenticator input. An authenticated user could possibly use this issue to execute arbitrary code. (CVE-2026-40687) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS exim4 4.99.1-1ubuntu1.1 exim4-base 4.99.1-1ubuntu1.1 eximon4 4.99.1-1ubuntu1.1 Ubuntu 25.10 exim4 4.98.2-1ubuntu2.1 exim4-base 4.98.2-1ubuntu2.1 eximon4 4.98.2-1ubuntu2.1 Ubuntu 24.04 LTS exim4 4.97-4ubuntu4.4 exim4-base 4.97-4ubuntu4.4 eximon4 4.97-4ubuntu4.4 Ubuntu 22.04 LTS exim4 4.95-4ubuntu2.7 exim4-base 4.95-4ubuntu2.7 eximon4 4.95-4ubuntu2.7 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8228-1 CVE-2026-40685, CVE-2026-40686, CVE-2026-40687 Package Information: https://launchpad.net/ubuntu/+source/exim4/4.99.1-1ubuntu1.1 https://launchpad.net/ubuntu/+source/exim4/4.98.2-1ubuntu2.1 https://launchpad.net/ubuntu/+source/exim4/4.97-4ubuntu4.4 https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.7
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmn4pDoACgkQcpJm3tlz hgFc4Q//RPnMag/9CSCkM+M8aqWOOSqslwWe0IpTpl24M5HODD66dSqIylQHk8tK com7OVG7x5eXXh1Lh+UA4h9tHXm7EYmSw1wwJUtVP0aPLROUy0dijI9s7H+cZK5p Lb/xL7m0KztVjZ7O/3pS55yot1WvQMxo8Sm9WPUp+rPvQJDxzv84LHWUY4V5u6D6 jqLaRTV4d4MFm3IQxy/LSRJ7GN5XvBdG1pns0LlOc3aaX+ZcNfqAP4QAZc0TuYca zAWFgaSQS/J5fjuxR4G9nZDISRu1MpSbUMMewRighn0uoo+pTI7MX+kVCRL8kD2C TMSBte1QVl1o1OAXxDhdZ4Uj7gCWiiQId8m9L/q69OGHLlENKMihDEwxxA9CR0nX m4jBw+6+sOdcbW8grvhO0dMAELm5Wo/CGzXwpyFp/IfaOd9bpFwNDiUcX9LueeYs 01dOkJiCVUzQUXwizwNf/uY32EnMRBvbEjXFT5Ct4Oax3kOhMpcmNy2rDj5LkRBR SFhApgE069Sdel+QFFBw15g8v7g3GVTEz2iL9HDLAR//XKj+7wqaUcg52Ap4DM3L 2vL2dxH3FYfNKdIXUq/0X2n/83xeQV2dtAptNDHMwEwbCdszxV4DIUWYKjgUw8Xg wwvO6vro2UiaOWrbrgDOeo82CzW7by8uhtDP8nGYXW8AUinj1i0= =0AFu -----END PGP SIGNATURE-----