Re: [EXIM-Security-2026-05-01.1] Security Release 4.99.3

[Sam James <sam () gentoo org>]

Heiko Schlittermann <hs () nodmarc schlittermann de> writes:

> Hello,
>
> The Exim maintainers are releasing an important security update to address a critical vulnerability affecting certain 
> Exim configurations.
>
> Vulnerability Details
>
> A remotely reachable Use-After-Free (UAF) vulnerability has been
> identified in Exim's BDAT (binary data transmission) body parsing path
> when using the GnuTLS backend. This vulnerability can lead to heap
> corruption and potential code execution.
>
> Affected Versions and Configurations
>
> This vulnerability affects Exim versions 4.97 through 4.99.x that:
> - Are built with GnuTLS support
> - Have STARTTLS and CHUNKING advertised
>
> Recommended Action
>
> We strongly recommend all affected users upgrade to Exim 4.99.3 or later immediately.
>
> Obtaining the Fix
>
> Fixed versions are available:
> - Repository: https://code.exim.org/exim-/exim (branch: exim-4.99+fixes, tag: exim-4.99.3) (signed by me)
> - Tarballs: https://downloads.exim.org/exim4/ (signed by me)
> - Please see the Exim website for detailed upgrade instructions
>
> Additional Information
>
> - Distros already have coordinated access to patches
> - Internal tracking ID: EXIM-Security-2026-05-01.1
> - Full technical details will be available:
> https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/

CVE is CVE-2026-45185.

> Thank you for your cooperation.
> And special thanks to the reporter at xbow security.

Writeup at https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim

>     Best regards from Dresden/Germany
>     Viele Grüße aus Dresden
>     Heiko Schlittermann

Attachment: signature.asc
Description: