
The Exim 4.98.2 mail server release includes an important fix for a use-after-free vulnerability. The vulnerability requires Exim version 4.98.1 or a later version, together with command-line access.

CVE-2025-30232: Exim Security update available (4.98.1 -> 4.98.2)

Exim 4.98.2 is released to the public.


It addresses a use-after-free.

CVE-2025-30232

Timeline

- 2025/03/13 Report received
- 2025/03/18 ACK sent to reporter
- 2025/03/19 CVE assigned
- 2025/03/19 Distros heads-up mail, to <distros@vs.openwall.org> and <exim-maintainers@lists.exim.org>
- 2025/03/21 14:00 UTC Security Release available for (only) Distros
- 2025/03/25 14:00 UTC Public heads-up notification, to <exim-announce@lists.exim.org>
- 2025/03/26 14:00 UTC Published the changes on https://code.exim.org/exim/exim.git

Details

A use-after-free is possible, with potential for privilege escalation.

The following conditions have to be met for being vulnerable:

- Exim version:
  - 4.96
  - 4.97
  - 4.98
  - 4.98.1
- Command-line access
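For fleet inventory it helps to turn the affected-version list above into a check that can be run on each host. The following POSIX shell snippet is an added example, not part of the Exim advisory or the Exim project: it parses a version string out of the first line of `exim -bV` output (the format of that line is assumed here and the sample line is constructed) and classifies it against the affected range 4.96 through 4.98.1, with 4.98.2 treated as fixed.

```shell
#!/bin/sh
# Added example (not from the Exim advisory): classify an Exim version against
# the affected set listed in the advisory (4.96, 4.97, 4.98, 4.98.1; fixed in 4.98.2).

# Extract "4.98.1" from an `exim -bV` first line such as
# "Exim version 4.98.1 #2 built 19-Mar-2025 10:00:00" (line format assumed).
exim_version_from_bv() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 (affected) when 4.96.0 <= version < 4.98.2, else 1 (not affected).
exim_is_affected_cve_2025_30232() {
    v="$1"
    major=$(printf '%s' "$v" | cut -d. -f1)
    minor=$(printf '%s' "$v" | cut -d. -f2)
    patch=$(printf '%s' "$v" | cut -d. -f3)
    [ -z "$patch" ] && patch=0          # "4.98" means 4.98.0
    [ "$major" -eq 4 ] || return 1      # only the 4.x line is listed
    [ "$minor" -ge 96 ] || return 1     # older than 4.96 is not listed
    if [ "$minor" -lt 98 ]; then return 0; fi   # 4.96.x and 4.97.x
    [ "$minor" -eq 98 ] || return 1     # 4.99 and later are not listed
    [ "$patch" -lt 2 ]                  # 4.98.0 and 4.98.1 affected; 4.98.2 fixed
}

# Usage on a live host (not executed here):
#   ver=$(exim_version_from_bv "$(exim -bV | head -n 1)")
#   exim_is_affected_cve_2025_30232 "$ver" && echo "Exim $ver: update to 4.98.2"
```

The check is deliberately conservative about what it knows: it only reports versions the advisory actually lists, and treats anything outside that range as "not listed" rather than "safe".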

Acknowledgements

Thanks to Trend Micro for reporting this issue in a responsible manner.

--
Cheers,
Jeremy

On behalf of the Exim Maintainers