Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 17 articles for you...
172

Ubuntu 22.04 LTS Exim4 Moderate Regression CVE-2023-42117

USN-6455-1 introduced a regression in Exim. ========================================================================== Ubuntu Security Notice USN-6455-2 June 10, 2026 exim4 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: USN-6455-1 introduced a regression in Exim Software Description: - exim4: Exim is a mail transport agent Details: USN-6455-1 fixed vulnerabilities in Exim. The fix for CVE-2023-42117 introduced a regression on Ubuntu 22.04 LTS that resulted in certain connections logging a Taint mismatch error. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-42117) It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2023-42119) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS exim4 4.95-4ubuntu2.10 exim4-daemon-heavy 4.95-4ubuntu2.10 exim4-daemon-light 4.95-4ubuntu2.10 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6455-2 https://ubuntu.com/security/notices/USN-6455-1 https://launchpad.net/bugs/2152830 Package Information: https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.10 . Exim on Ubuntu 22.04 LTS had a regression after security fix USN-6455-1, affecting stability when handling user data.. Ubuntu Security, Exim4 Malware, Memory Corruption Fix, Remote Attack Vulnerability, Exim Regression Update. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Jun 10, 2026 Important Ubuntu
197

Debian 11 Exim4 Critical Update DLA-4615-1 CVE-2026-48840

Warisjeet Singh discovered that Exim, a mail transport agent, does not properly handle PROXY frames whose declared payload length is too short for the claimed address family, which may result in information disclosure in configurations with SUPPORT_PROXY and 'host_proxy' set. For Debian 11 bullseye, this problem has been fixed in version. Debian LTS Advisory DLA-4615-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz June 05, 2026 https://wiki.debian.org/LTS Package : exim4 Version : 4.94.2-7+deb11u6 CVE ID : CVE-2026-48840 Warisjeet Singh discovered that Exim, a mail transport agent, does not properly handle PROXY frames whose declared payload length is too short for the claimed address family, which may result in information disclosure in configurations with SUPPORT_PROXY and 'host_proxy' set. For Debian 11 bullseye, this problem has been fixed in version 4.94.2-7+deb11u6. We recommend that you upgrade your exim4 packages. For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Exim4 security update addresses information disclosure risk in Debian 11. Upgrade recommended to mitigate vulnerabilities.. exim4 security update, Debian 11 update, information disclosure risk, mail transport agent, system security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 Critical Debian LTS
197

Debian LTS exim4 Important Info Disclosure Fix DLA-4615-1 CVE-2026-48840

Warisjeet Singh discovered that Exim, a mail transport agent, does not properly handle PROXY frames whose declared payload length is too short for the claimed address family, which may result in information disclosure in configurations with SUPPORT_PROXY and 'host_proxy' set. For Debian 11 bullseye, this problem has been fixed in version. Debian LTS Advisory DLA-4615-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz June 05, 2026 https://wiki.debian.org/LTS Package : exim4 Version : 4.94.2-7+deb11u6 CVE ID : CVE-2026-48840 Warisjeet Singh discovered that Exim, a mail transport agent, does not properly handle PROXY frames whose declared payload length is too short for the claimed address family, which may result in information disclosure in configurations with SUPPORT_PROXY and 'host_proxy' set. For Debian 11 bullseye, this problem has been fixed in version 4.94.2-7+deb11u6. We recommend that you upgrade your exim4 packages. For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Upgrade exim4 on Debian LTS to fix critical information disclosure issues identified in CVE-2026-48840.. Debian LTS exim4 update information disclosure CVE-2026-48840 security advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 Important Debian LTS
197

Debian 11 DLA-4580-1 exim4 Critical Remote Code Execution Patch

A vulnerability has been discovered in the Exim mail transport agent, which may result in remote code execution. For Debian 11 bullseye, this problem has been fixed in version 4.94.2-7+deb11u5. We recommend that you upgrade your exim4 packages.. Debian LTS Advisory DLA-4580-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz May 12, 2026 https://wiki.debian.org/LTS Package : exim4 Version : 4.94.2-7+deb11u5 CVE ID : no number assigned yet A vulnerability has been discovered in the Exim mail transport agent, which may result in remote code execution. For Debian 11 bullseye, this problem has been fixed in version 4.94.2-7+deb11u5. We recommend that you upgrade your exim4 packages. For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . A critical issue in Exim mail transport agent on Debian 11 requires urgent upgrading to mitigate remote code execution.. Debian exim4 security critical remote execution patch. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 12, 2026 Critical Debian LTS
87

Debian: DSA-5887-1: exim4 Security Advisory Updates

It was discovered that a use-after-free vulnerability in Exim4, a mail transport agent, may result in privilege escalation for a local attacker. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5887-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso March 26, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : exim4 CVE ID : CVE-2025-30232 It was discovered that a use-after-free vulnerability in Exim4, a mail transport agent, may result in privilege escalation for a local attacker. For the stable distribution (bookworm), this problem has been fixed in version 4.96-15+deb12u7. We recommend that you upgrade your exim4 packages. For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/exim4 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Exim4 security advisory for Debian addresses a critical use-after-free issue leading to privilege escalation risks.. use-after-free, vulnerability, exim4, transport, agent. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 26, 2025 Important Debian
197

Debian 11: DLA-3938-1 critical: exim4 code execution and info disclosure

Multiple potential security vulnerabilities have been addressed in exim4, a mail transport agent. These issues may allow remote attackers to disclose sensitive information or execute arbitrary code but only if Exim4 is run behind or with untrusted proxy servers or DNS resolvers. If your proxy-protocol proxy . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3938-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany October 29, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : exim4 Version : 4.94.2-7+deb11u4 CVE ID : CVE-2021-38371 CVE-2022-3559 CVE-2023-42117 CVE-2023-42119 Debian Bug : 992172 Multiple potential security vulnerabilities have been addressed in exim4, a mail transport agent. These issues may allow remote attackers to disclose sensitive information or execute arbitrary code but only if Exim4 is run behind or with untrusted proxy servers or DNS resolvers. If your proxy-protocol proxy or DNS resolver are trustworthy, you are not affected. For Debian 11 bullseye, these problems have been fixed in version 4.94.2-7+deb11u4. We recommend that you upgrade your exim4 packages. For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/exim4 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-5107-1 reveals vulnerabilities in openssl. It is recommended to update systems to prevent unauthorized data access.. Debian LTS, exim4, security advisory, mail transport. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 29, 2024 Critical Debian LTS
197

Debian 10 Buster DLA-3708-1 Critical Exim4 Mail Security Risk

It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3708-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany January 05, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : exim4 Version : 4.92-8+deb10u9 CVE ID : CVE-2023-51766 Debian Bug : 1059387 It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered. For Debian 10 buster, this problem has been fixed in version 4.92-8+deb10u9. We recommend that you upgrade your exim4 packages. For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/exim4 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Critical notification concerning the Exim mail transfer agent designed to mitigate security weaknesses identified in Debian version 10.. Exim Security Update, Debian LTS Advisory, Exim4 Transport Agent. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 05, 2024 Critical Debian LTS
87

Debian: DSA-5597-1 Critical: Exim4 Message Embedding Flaw

It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5597-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso January 04, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : exim4 CVE ID : CVE-2023-51766 Debian Bug : 1059387 It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered. For the oldstable distribution (bullseye), this problem has been fixed in version 4.94.2-7+deb11u2. For the stable distribution (bookworm), this problem has been fixed in version 4.96-15+deb12u4. We recommend that you upgrade your exim4 packages. For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/exim4 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The Debian Security Advisory DSA-5597-1 addresses a critical flaw in Exim4 that allows message embedding in emails.. Exim4 Security Update, Debian Advisory, Email Agent Security, Transport Layer Issues, Message Handling Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 04, 2024 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200