Exim - CVE-2025-26794: upcoming security release

[matkra]

Hello,

on the official Exim mailing list there was such an announcement:

https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=33eff4af0a20c436b73262d123dbe722

Is the DA team planning any actions? Do we need to wait for a new version to receive the security update ?

 

[fln]

There is not much information about the bug but seems serious enough. We will release DA update (as hot-fix) with the new exim version when it is available.

 

[ccto]

Exim 4.98.1 released.

About the issue:

https://exim.org/static/doc/security/CVE-2025-26794.txt

 

[fln]

DirectAdmin exim config does not use sqlite so standard DA servers are not affected. Anyway we had all the preparations done already and pushed out an update to all release channels (beta, current, stable, even EOL ones like rhel7, debian10) to start using latest exim build.

 

[matkra]

DirectAdmin exim config does not use sqlite so standard DA servers are not affected. Anyway we had all the preparations done already and pushed out an update to all release channels (beta, current, stable, even EOL ones like rhel7, debian10) to start using latest exim build.

Thank you for your prompt response. Exim has been updated.