CLSA-2026:1780519410

[CLSA-2026:1780519410] exim: Fix of CVE-2026-40686

Type:

security

Severity:

Moderate

Release date:

2026-06-03 20:43:42 UTC

Description:

- CVE-2026-40686: out-of-bounds heap read in GETUTF8INC macro when utf8
  operators process malformed input; may exfiltrate heap data via SMTP
  rejection messages

CVEs fixed:

CVE-2026-40686

Updated packages:

exim-4.99.1-1.el9_2.tuxcare.els2.x86_64.rpm
sha:d2bacc28dd43c84c24390f8f79d0d34bf7513f01786299037e56f0ee6d8bbdf8
exim-greylist-4.99.1-1.el9_2.tuxcare.els2.x86_64.rpm
sha:9d8be2670ce13bf391eedb80677d3f7ba1cd8c5c6c1acc41296572f32cc7b485
exim-mon-4.99.1-1.el9_2.tuxcare.els2.x86_64.rpm
sha:bd85da692cb3323581e60f2c59dd3255bb9e7cb1311fa2de43dcb357561dfb58
exim-mysql-4.99.1-1.el9_2.tuxcare.els2.x86_64.rpm
sha:0c95fff0090af8421bc8b2c851ee2a8c8c9eee343f945f58440bdd9ac750247f
exim-pgsql-4.99.1-1.el9_2.tuxcare.els2.x86_64.rpm
sha:dee6a56cbfac8ba23bfbf8da6ff14ab21e485d64004ebe3d959eb9bfe77ba819

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.