Ubuntu USN · USN-8228-1

Exim vulnerabilities

Published: Mon, 04 May 2026 11:50

CVE-2026-40685CVE-2026-40687CVE-2026-40686

Summary

Several security issues were fixed in Exim.

Details

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-40686) It was discovered that Exim incorrectly handled SPA authenticator input. An authenticated user could possibly use this issue to execute arbitrary code. (CVE-2026-40687)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu jammy

exim4→4.95-4ubuntu2.7apt_upgrade
Standard apt upgrade. Install 4.95-4ubuntu2.7 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4→4.95-4ubuntu2.7apt_upgrade
Standard apt upgrade. Install 4.95-4ubuntu2.7 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-base→4.95-4ubuntu2.7apt_upgrade
Standard apt upgrade. Install 4.95-4ubuntu2.7 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-base
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-config→4.95-4ubuntu2.7apt_upgrade
Standard apt upgrade. Install 4.95-4ubuntu2.7 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-config
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-daemon-heavy→4.95-4ubuntu2.7apt_upgrade
Standard apt upgrade. Install 4.95-4ubuntu2.7 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-daemon-heavy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-daemon-light→4.95-4ubuntu2.7apt_upgrade
Standard apt upgrade. Install 4.95-4ubuntu2.7 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-daemon-light
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-dev→4.95-4ubuntu2.7apt_upgrade
Standard apt upgrade. Install 4.95-4ubuntu2.7 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-dev
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
eximon4→4.95-4ubuntu2.7apt_upgrade
Standard apt upgrade. Install 4.95-4ubuntu2.7 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y eximon4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu noble

exim4→4.97-4ubuntu4.4apt_upgrade
Standard apt upgrade. Install 4.97-4ubuntu4.4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4→4.97-4ubuntu4.4apt_upgrade
Standard apt upgrade. Install 4.97-4ubuntu4.4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-base→4.97-4ubuntu4.4apt_upgrade
Standard apt upgrade. Install 4.97-4ubuntu4.4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-base
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-config→4.97-4ubuntu4.4apt_upgrade
Standard apt upgrade. Install 4.97-4ubuntu4.4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-config
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-daemon-heavy→4.97-4ubuntu4.4apt_upgrade
Standard apt upgrade. Install 4.97-4ubuntu4.4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-daemon-heavy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-daemon-light→4.97-4ubuntu4.4apt_upgrade
Standard apt upgrade. Install 4.97-4ubuntu4.4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-daemon-light
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-dev→4.97-4ubuntu4.4apt_upgrade
Standard apt upgrade. Install 4.97-4ubuntu4.4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-dev
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
eximon4→4.97-4ubuntu4.4apt_upgrade
Standard apt upgrade. Install 4.97-4ubuntu4.4 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y eximon4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu questing

exim4→4.98.2-1ubuntu2.1apt_upgrade
Standard apt upgrade. Install 4.98.2-1ubuntu2.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4→4.98.2-1ubuntu2.1apt_upgrade
Standard apt upgrade. Install 4.98.2-1ubuntu2.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-base→4.98.2-1ubuntu2.1apt_upgrade
Standard apt upgrade. Install 4.98.2-1ubuntu2.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-base
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-config→4.98.2-1ubuntu2.1apt_upgrade
Standard apt upgrade. Install 4.98.2-1ubuntu2.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-config
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-daemon-heavy→4.98.2-1ubuntu2.1apt_upgrade
Standard apt upgrade. Install 4.98.2-1ubuntu2.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-daemon-heavy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-daemon-light→4.98.2-1ubuntu2.1apt_upgrade
Standard apt upgrade. Install 4.98.2-1ubuntu2.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-daemon-light
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-dev→4.98.2-1ubuntu2.1apt_upgrade
Standard apt upgrade. Install 4.98.2-1ubuntu2.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-dev
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
eximon4→4.98.2-1ubuntu2.1apt_upgrade
Standard apt upgrade. Install 4.98.2-1ubuntu2.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y eximon4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu resolute

exim4→4.99.1-1ubuntu1.1apt_upgrade
Standard apt upgrade. Install 4.99.1-1ubuntu1.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4→4.99.1-1ubuntu1.1apt_upgrade
Standard apt upgrade. Install 4.99.1-1ubuntu1.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-base→4.99.1-1ubuntu1.1apt_upgrade
Standard apt upgrade. Install 4.99.1-1ubuntu1.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-base
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-config→4.99.1-1ubuntu1.1apt_upgrade
Standard apt upgrade. Install 4.99.1-1ubuntu1.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-config
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-daemon-heavy→4.99.1-1ubuntu1.1apt_upgrade
Standard apt upgrade. Install 4.99.1-1ubuntu1.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-daemon-heavy
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-daemon-light→4.99.1-1ubuntu1.1apt_upgrade
Standard apt upgrade. Install 4.99.1-1ubuntu1.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-daemon-light
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
exim4-dev→4.99.1-1ubuntu1.1apt_upgrade
Standard apt upgrade. Install 4.99.1-1ubuntu1.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y exim4-dev
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
eximon4→4.99.1-1ubuntu1.1apt_upgrade
Standard apt upgrade. Install 4.99.1-1ubuntu1.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y eximon4
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8228-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8228-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan Read the bash source first

Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →