Debian LTS exim4 Important Info Disclosure Fix DLA-4615-1 CVE-2026-48840
debian lts
June 5, 2026
Warisjeet Singh discovered that Exim, a mail transport agent, does not properly handle PROXY frames whose declared payload length is too short for the claimed address family, which...
Topics Covered
Summary
Warisjeet Singh discovered that Exim, a mail transport agent, does not
properly handle PROXY frames whose declared payload length is too short
for the claimed address family, which may result in information
disclosure in configurations with SUPPORT_PROXY and 'host_proxy' set.
For Debian 11 bullseye, this problem has been fixed in version
4.94.2-7+deb11u6.
We recommend that you upgrade your exim4 packages.
For the detailed security status of exim4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/exim4
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Package: exim4
Version: 4.94.2-7+deb11u6
CVE ID: CVE-2026-48840
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!