[CLSA-2026:1778690918] exim: Fix of CVE-2026-40686
Type: security
Severity: Moderate
Release date: 2026-05-13 16:48:43 UTC
Description:
- CVE-2026-40686: out-of-bounds read in the GETUTF8INC macro in src/expand.c when processing malformed UTF-8 in expansion operators with utf8 enabled, potentially disclosing heap data via SMTP rejection messages.
Updated packages:
  • exim-4.99.1-1.el9.tuxcare.els3.x86_64.rpm
    sha:41076fe3316fc4bec8dc9cdd275620e1395b062464a1bb801feccd32c38c2e02
  • exim-greylist-4.99.1-1.el9.tuxcare.els3.x86_64.rpm
    sha:85e4b3fe372f23ba63423b0c9bfe7c93ab6164f873308348178548ba85d2f3b3
  • exim-mon-4.99.1-1.el9.tuxcare.els3.x86_64.rpm
    sha:e2e5c5381b3994f8581f234a56c957775ce37dff33c6b8f3e3734abc7e2ae36c
  • exim-mysql-4.99.1-1.el9.tuxcare.els3.x86_64.rpm
    sha:8b784c76d3879572a2acfb4555799b748dfff5bcc4e51e22df9f1c336d13016a
  • exim-pgsql-4.99.1-1.el9.tuxcare.els3.x86_64.rpm
    sha:7ca0ac79ffe43b0147dc1d771e816efb71d35ee42cd44c2a09e40a84d9c72691
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.