Ubuntu alert USN-8353-1 (exim4)

From:
             
 
noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com>
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-8353-1] Exim vulnerability
Date:
             
 
Mon, 01 Jun 2026 18:06:45 +0000
Message-ID:
             
 
<E1wU72D-0000NU-LQ@lists.ubuntu.com>
Cc:
             
 
noreply+usn-bot@canonical.com
==========================================================================
Ubuntu Security Notice USN-8353-1
June 01, 2026

exim4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Exim could be made to expose sensitive information over the network.

Software Description:
- exim4: Exim is a mail transport agent

Details:

Warisjeet Singh discovered that Exim with SUPPORT_PROXY enabled did not
properly handle memory before SMTP authentication. A remote attacker could
possibly use this issue to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  exim4                           4.99.1-1ubuntu1.3
  exim4-base                      4.99.1-1ubuntu1.3
  eximon4                         4.99.1-1ubuntu1.3

Ubuntu 25.10
  exim4                           4.98.2-1ubuntu2.3
  exim4-base                      4.98.2-1ubuntu2.3
  eximon4                         4.98.2-1ubuntu2.3

Ubuntu 24.04 LTS
  exim4                           4.97-4ubuntu4.6
  exim4-base                      4.97-4ubuntu4.6
  eximon4                         4.97-4ubuntu4.6

Ubuntu 22.04 LTS
  exim4                           4.95-4ubuntu2.9
  exim4-base                      4.95-4ubuntu2.9
  eximon4                         4.95-4ubuntu2.9

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8353-1
  CVE-2026-48840

Package Information:
  https://launchpad.net/ubuntu/+source/exim4/4.99.1-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/exim4/4.98.2-1ubuntu2.3
  https://launchpad.net/ubuntu/+source/exim4/4.97-4ubuntu4.6
  https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.9


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmodxpYACgkQcpJm3tlz
hgHOFhAApJNuhtiIHmG3krjgFdxrCyKONWzRfb80iw5BSmTX67DIAYuni+CV+bqm
+413J7WUBQ4rIN7QOYABhfCpQV99NY7DrCnpidsxV6gRoRRCxe0hDDbP/6fgQUAi
gjlPgF+Ws2kdiZeJTeAocZJESfkKXcrnDaUEoVEPXuuTob/ZCVnpVwBrr1i1sbrZ
j6gxjHZS6y1/9O9zRYAYt7OW4SmiNx8SYfvid68fZbRNPxz08jur0kJiZWeC3911
vDqROmcEzDtDkxAtLCExvSK3fz3mJoB4sNJTglFU8C0iADndnAu0Bqu8HbgA7BRi
jsSZcBChCvQsRobnQvvkAJjrDMnAv9HJKD5FRTr9rFQjozc+TVuPuy12OET9tdHC
KAHAkmOf6AkH2g8Okro+4iWnrKSuyYxPheyg6evX7yATFmoh+om4zES++qlywsCF
yd5UYhazTVACqwQlhaCZlJtk/L0IdKrhlTKPNYPd37bvy7Ts7Xgti3yIUY3RuTHd
TCZ4mhAh5Vx4YLDDpaAgBGr7YGE9PL0mmr/VgSE49MKJoWpIRIBVrY90tBZfxSvg
+vkmN7opCAVsDcQ0LVV+79IRA1RJY7JMJ/UfQnKZQzxcvVG8nMXCx44n9GunvKqW
drfxiJtUSkn4UEKallVnUYhQp6GgN9NBtVWDQbCHt0bUkLwfwGE=
=oIM1
-----END PGP SIGNATURE-----