Critical Exim Vulnerability in Ubuntu Exposes Sensitive Information

A critical vulnerability in Exim, a mail transport agent used in multiple Ubuntu versions, has been discovered. The issue, identified by Warisjeet Singh, occurs when SUPPORT_PROXY is enabled, allowing remote attackers to potentially access sensitive information before SMTP authentication. Affected releases include Ubuntu 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. The vulnerability can be mitigated by updating to specific package versions provided in the advisory. Users are urged to perform a standard system update to address this issue. The vulnerability highlights the importance of timely updates in maintaining system security. No CVE identifier was mentioned in the articles. The current status is that the vulnerability has been acknowledged, and updates are available.

Key Points: • Exim vulnerability could expose sensitive information over the network. • Affected Ubuntu versions include 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. • Users should update to the latest package versions to mitigate the risk.