UbuntuUpdates.org

Package "exim4-base"

Name: exim4-base

Description:

support files for all Exim MTA (v4) packages
Latest version: 4.99.1-1ubuntu1.1
Release: resolute (26.04)
Level: security
Repository: main
Head package: exim4
Homepage: https://www.exim.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "exim4-base"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "exim4-base" in Resolute

Repository Area Version
base main 4.99.1-1ubuntu1
updates main 4.99.1-1ubuntu1.1

Changelog

Version: 4.99.1-1ubuntu1.1 2026-05-04 15:36:28 UTC

  exim4 (4.99.1-1ubuntu1.1) resolute-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2026-4068x.patch: backported upstream fix.
    - CVE-2026-40685 - Possible OOB read/write on corrupt JSON in header
    - CVE-2026-40686 - Possible OOB read with large UTF8 trailing chars
    - CVE-2026-40687 - Possible OOB read/write with SPA authenticator

 -- Marc Deslauriers <email address hidden> Wed, 29 Apr 2026 12:42:33 -0400
CVE-2026-4068 The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is
CVE-2026-40685 In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrus
CVE-2026-40686 In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-
CVE-2026-40687 In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes


About   -   Send Feedback to @ubuntu_updates