[SECURITY] [DSA 6265-1] exim4 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6265-1] exim4 security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 12 May 2026 14:23:22 +0000
Message-id: <[🔎] E1wMo14-0000000DWYS-30rK@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6265-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 12, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : exim4
CVE ID         : CVE-2026-40684 CVE-2026-40685 CVE-2026-40686 CVE-2026-40687

Several vulnerabilities were discovered in the Exim mail transport
agent, which may result in remote code execution, denial of service or
an information leak.

For the oldstable distribution (bookworm), these problems have been fixed
in version 4.96-15+deb12u9.

For the stable distribution (trixie), these problems have been fixed in
version 4.98.2-1+deb13u2.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/exim4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmoDN6tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QY+xAAli6laau49sWxpG71BDr62wzvIUTaH4yuAkYf3n47BCto5LSgnWv/NR0k
/T8fe8sc7USp8Fhk5Oxpr3ftC1dibtRPGHnTrWvIJCRsN5+OkiiK+0tWmtv4fTkJ
dJ3OaCuI8ylWxj50e/4cdGFGtr7dQO8Rw4LkcgwhTG1ddKsJoJlesf1o3jcITp9G
SkVcWsEvXTX8k4z1OYdzux5Wd3cqJETEvUAPxDDthVZ2JWHvcHEPIQtrPlp/Bfej
AQ3e0SSoiPiqs4jHeDqFPhCYfylMpLlIBlD8gSXBv+fynhs0x+bx1NrTmVEV1rmx
8UO8lranELb9QjeIEPk63XXEIUAK5gMLpcbwVIWyKEnqCaU13+PGbgt5yTicceVQ
Pb6sFjmkaQYcxaSMAgBL4KTClGYZQV7f0yMey/F/dw3TXy6fqOkaLd6VMdua/3Kl
Gy6OHfZW2j+BbqTBwUc21Bqt2cq0W4VoVnO5mPc+XoxgB5o5XCFfEmJBDjVLF6fJ
bpQI28zdFRVWvm4R3bMcbqXuWIOci7udPeTt+XbM0mRUwLPMIMWI0XookXGiDx8C
xXsz9xIpudVto0I1rg0SI96MFWaGRDriek4oizSJ+zf+IAJS1b/N953kuQtKX7Uq
1bOHXgrWsKpTXfSi+Gs3czLi6AoKe7JUEOJV/bwZNoa8yLtcW1A=
=s/AF
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6264-1] dnsmasq security update
Next by Date: [SECURITY] [DSA 6266-1] nghttp2 security update
Previous by thread: [SECURITY] [DSA 6264-1] dnsmasq security update
Next by thread: [SECURITY] [DSA 6266-1] nghttp2 security update
Index(es):
- Date
- Thread