Ubuntu USN · USN-6455-2

Exim regression

Published: Wed, 10 Jun 2026 12:22

Summary

USN-6455-1 introduced a regression in Exim

Details

USN-6455-1 fixed vulnerabilities in Exim. The fix for CVE-2023-42117 introduced a regression on Ubuntu 22.04 LTS that resulted in certain connections logging a Taint mismatch error. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-42117)

It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2023-42119)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu jammy

  • exim4 · 4.95-4ubuntu2.10 · apt_upgrade

    Standard apt upgrade. Install 4.95-4ubuntu2.10 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y exim4

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • exim4-base · 4.95-4ubuntu2.10 · apt_upgrade

    Standard apt upgrade. Install 4.95-4ubuntu2.10 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y exim4-base

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • exim4-config · 4.95-4ubuntu2.10 · apt_upgrade

    Standard apt upgrade. Install 4.95-4ubuntu2.10 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y exim4-config

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • exim4-daemon-heavy · 4.95-4ubuntu2.10 · apt_upgrade

    Standard apt upgrade. Install 4.95-4ubuntu2.10 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y exim4-daemon-heavy

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • exim4-daemon-light · 4.95-4ubuntu2.10 · apt_upgrade

    Standard apt upgrade. Install 4.95-4ubuntu2.10 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y exim4-daemon-light

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • exim4-dev · 4.95-4ubuntu2.10 · apt_upgrade

    Standard apt upgrade. Install 4.95-4ubuntu2.10 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y exim4-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • eximon4 · 4.95-4ubuntu2.10 · apt_upgrade

    Standard apt upgrade. Install 4.95-4ubuntu2.10 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y eximon4

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-6455-2?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-6455-2 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
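
A local version of the package check for this advisory, as an added example (not StackPatch's scan.sh and not Ubuntu's code): it compares `dpkg-query` output against the fixed version 4.95-4ubuntu2.10 using Debian version ordering, under which 2.9 sorts below 2.10 where a plain string comparison would not. The function names, the `sort -V` fallback and the sample inventory are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Exim packages still below the USN-6455-2 fixed version.
# FIXED is the jammy version from this page; all other names are illustrative.
FIXED="4.95-4ubuntu2.10"
TAB="$(printf '\t')"

# version_ge A B: succeed when A >= B in Debian version order.
# dpkg is authoritative; GNU sort -V is an approximation for hosts without dpkg
# (for example when reviewing an inventory exported from the servers).
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# outdated_packages: read "package<TAB>version" lines on stdin and print the
# ones whose version is below FIXED.
outdated_packages() {
    while IFS="$TAB" read -r pkg ver; do
        [ -n "$ver" ] || continue   # known to dpkg but not installed
        version_ge "$ver" "$FIXED" || printf '%s %s\n' "$pkg" "$ver"
    done
}

# Constructed sample inventory (not from a real host).
sample_inventory() {
    printf 'exim4\t4.95-4ubuntu2.10\n'
    printf 'exim4-base\t4.95-4ubuntu2.9\n'
    printf 'exim4-config\t4.95-4ubuntu2.10\n'
    printf 'eximon4\t\n'
}

# On a live host, replace sample_inventory with:
#   dpkg-query -W -f='${Package}\t${Version}\n' 'exim4*' eximon4
sample_inventory | outdated_packages
```

An empty result means every installed package in the inventory is at or above the fixed version.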
