Explore top 10 tips to secure your open-source projects now. Read More
×USN-6455-1 introduced a regression in Exim. ========================================================================== Ubuntu Security Notice USN-6455-2 June 10, 2026 exim4 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: USN-6455-1 introduced a regression in Exim Software Description: - exim4: Exim is a mail transport agent Details: USN-6455-1 fixed vulnerabilities in Exim. The fix for CVE-2023-42117 introduced a regression on Ubuntu 22.04 LTS that resulted in certain connections logging a Taint mismatch error. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-42117) It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2023-42119) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS exim4 4.95-4ubuntu2.10 exim4-daemon-heavy 4.95-4ubuntu2.10 exim4-daemon-light 4.95-4ubuntu2.10 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6455-2 https://ubuntu.com/security/notices/USN-6455-1 https://launchpad.net/bugs/2152830 Package Information: https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.10 . Exim on Ubuntu 22.04 LTS had a regression after security fix USN-6455-1, affecting stability when handling user data.. Ubuntu Security, Exim4 Malware, Memory Corruption Fix, Remote Attack Vulnerability, Exim Regression Update. . Severity: Important.LinuxSecurity.com Team
Warisjeet Singh discovered that Exim, a mail transport agent, does not properly handle PROXY frames whose declared payload length is too short for the claimed address family, which may result in information disclosure in configurations with SUPPORT_PROXY and 'host_proxy' set. For Debian 11 bullseye, this problem has been fixed in version. Debian LTS Advisory DLA-4615-1
Warisjeet Singh discovered that Exim, a mail transport agent, does not properly handle PROXY frames whose declared payload length is too short for the claimed address family, which may result in information disclosure in configurations with SUPPORT_PROXY and 'host_proxy' set. For Debian 11 bullseye, this problem has been fixed in version. Debian LTS Advisory DLA-4615-1
A vulnerability has been discovered in the Exim mail transport agent, which may result in remote code execution. For Debian 11 bullseye, this problem has been fixed in version 4.94.2-7+deb11u5. We recommend that you upgrade your exim4 packages.. Debian LTS Advisory DLA-4580-1
It was discovered that a use-after-free vulnerability in Exim4, a mail transport agent, may result in privilege escalation for a local attacker. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5887-1
Multiple potential security vulnerabilities have been addressed in exim4, a mail transport agent. These issues may allow remote attackers to disclose sensitive information or execute arbitrary code but only if Exim4 is run behind or with untrusted proxy servers or DNS resolvers. If your proxy-protocol proxy . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3938-1
It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3708-1
It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5597-1
Get the latest Linux and open source security news straight to your inbox.