Ubuntu Exim Security Advisory 8382-1 CVE-2023-51766 CVE-2026-40685

Several security issues were fixed in Exim.
==========================================================================
Ubuntu Security Notice USN-8382-1
June 03, 2026

exim4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Exim.

Software Description:
- exim4: Exim is a mail transport agent

Details:

Timo Longin discovered that Exim incorrectly handled certain SMTP messages
in PIPELINING/CHUNKING configurations. A remote attacker could possibly use
this issue to perform SMTP smuggling. This issue only affected Ubuntu
14.04 LTS. (CVE-2023-51766)

It was discovered that Exim incorrectly handled certain malformed JSON
data in headers. A remote attacker could possibly use this issue to crash
Exim, resulting in a denial of service, or execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS. (CVE-2026-40685)

It was discovered that Exim incorrectly handled certain malformed UTF-8
headers. A remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2026-40686)

It was discovered that Exim incorrectly handled certain SPA resources.
A remote attacker could possibly use this issue to crash Exim, resulting in
a denial of service, or obtain sensitive information. This issue only
affected Ubuntu 20.04 LTS. (CVE-2026-40687)

It was discovered that Exim incorrectly handled certain CHUNKING
transfers in some GnuTLS configurations. A remote attacker could possibly
use this issue to crash Exim, resulting in a denial of service, or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-45185)

Warisjeet Singh discovered that Exim incorrectly handled certain proxy
connections in builds with proxy support enabled. A remote attacker could
possibly use this issue to obtain sensitive information. This issue only
affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2026-48840)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  exim4                           4.93-13ubuntu1.12+esm1
                                  Available with Ubuntu Pro
  exim4-base                      4.93-13ubuntu1.12+esm1
                                  Available with Ubuntu Pro
  exim4-daemon-heavy              4.93-13ubuntu1.12+esm1
                                  Available with Ubuntu Pro
  exim4-daemon-light              4.93-13ubuntu1.12+esm1
                                  Available with Ubuntu Pro
  exim4-dev                       4.93-13ubuntu1.12+esm1
                                  Available with Ubuntu Pro
  eximon4                         4.93-13ubuntu1.12+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  exim4                           4.90.1-1ubuntu1.10+esm6
                                  Available with Ubuntu Pro
  exim4-base                      4.90.1-1ubuntu1.10+esm6
                                  Available with Ubuntu Pro
  exim4-daemon-heavy              4.90.1-1ubuntu1.10+esm6
                                  Available with Ubuntu Pro
  exim4-daemon-light              4.90.1-1ubuntu1.10+esm6
                                  Available with Ubuntu Pro
  exim4-dev                       4.90.1-1ubuntu1.10+esm6
                                  Available with Ubuntu Pro
  eximon4                         4.90.1-1ubuntu1.10+esm6
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  exim4                           4.86.2-2ubuntu2.6+esm9
                                  Available with Ubuntu Pro
  exim4-base                      4.86.2-2ubuntu2.6+esm9
                                  Available with Ubuntu Pro
  exim4-daemon-heavy              4.86.2-2ubuntu2.6+esm9
                                  Available with Ubuntu Pro
  exim4-daemon-light              4.86.2-2ubuntu2.6+esm9
                                  Available with Ubuntu Pro
  exim4-dev                       4.86.2-2ubuntu2.6+esm9
                                  Available with Ubuntu Pro
  eximon4                         4.86.2-2ubuntu2.6+esm9
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  exim4                           4.82-3ubuntu2.4+esm9
                                  Available with Ubuntu Pro
  exim4-base                      4.82-3ubuntu2.4+esm9
                                  Available with Ubuntu Pro
  exim4-daemon-heavy              4.82-3ubuntu2.4+esm9
                                  Available with Ubuntu Pro
  exim4-daemon-light              4.82-3ubuntu2.4+esm9
                                  Available with Ubuntu Pro
  exim4-dev                       4.82-3ubuntu2.4+esm9
                                  Available with Ubuntu Pro
  eximon4                         4.82-3ubuntu2.4+esm9
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
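
To confirm that hosts actually carry the fixed packages, the following added example (not part of the Ubuntu notice) compares installed exim4 versions against the fixed versions listed above using Debian version ordering, the same ordering `dpkg --compare-versions` applies on a live host. The function names and the sample inventory are assumptions made for illustration.

```python
import re
from itertools import zip_longest

# Fixed exim4 versions per release, copied from the update instructions above.
FIXED = {
    "20.04": "4.93-13ubuntu1.12+esm1", "18.04": "4.90.1-1ubuntu1.10+esm6",
    "16.04": "4.86.2-2ubuntu2.6+esm9", "14.04": "4.82-3ubuntu2.4+esm9",
}

def _text_key(s):
    # Debian ordering of non-digit runs: '~' < end of string < letters < other.
    return [-1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
            for c in s] + [0]

def _cmp_part(a, b):
    # Walk alternating (non-digit, digit) runs; digit runs compare as integers.
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a),
                       re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (ta, na), (tb, nb) in runs:
        ka, kb = (_text_key(ta), int(na or 0)), (_text_key(tb), int(nb or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    """Return -1, 0 or 1, ordering a and b as Debian package versions."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    # True when the installed version is at or above the fix for that release.
    return compare_versions(installed, FIXED[release]) >= 0

def needs_update(inventory):
    return [h for h, rel, ver in inventory if not is_patched(rel, ver)]

# Constructed inventory (host, release, installed exim4 version), not real data.
INVENTORY = [
    ("mx1", "20.04", "4.93-13ubuntu1.12"),
    ("mx2", "16.04", "4.86.2-2ubuntu2.6+esm10"),
    ("mx3", "18.04", "4.90.1-1ubuntu1.10+esm5"),
]
```

A plain string comparison would wrongly rank `+esm10` below `+esm9`; the numeric handling of digit runs is what makes `mx2` count as patched.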

References:
  https://ubuntu.com/security/notices/USN-8382-1
  CVE-2023-51766, CVE-2026-40685, CVE-2026-40686, CVE-2026-40687,
  CVE-2026-45185, CVE-2026-48840

Severity
important