CLSA-2026-1779369819

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779369819.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1779369819

Upstream

CVE-2026-40686

CVE-2026-40687

Published

2026-05-21T13:23:43Z

Modified

2026-06-04T09:47:29.420728646Z

Summary

Fix CVE(s): CVE-2026-40686, CVE-2026-40687

Details

SECURITY UPDATE: heap read out-of-bounds in UTF-8 expansion
- debian/patches/CVE-2026-40686.patch: harden ${from_utf8:} expansion operator against malformed UTF-8 trailing bytes.
- CVE-2026-40686
SECURITY UPDATE: SPA authenticator buffer hardening
- debian/patches/CVE-2026-40687.patch: zero spabase64tobits output buffer and replace static 1024-byte buffers in unicodeToString, strToUnicode, toString with dynamic storeget allocations sized to input.
- CVE-2026-40687

References

https://errata.tuxcare.com/els_os/ubuntu18.04els/CLSA-2026-1779369819.html

Affected packages

TuxCare:Ubuntu:18.04

exim4

Package

Name: exim4
Purl: pkg:deb/tuxcare/exim4?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.90.1-1ubuntu1.10+tuxcare.els6

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779369819.json"

exim4-base

Package

Name: exim4-base
Purl: pkg:deb/tuxcare/exim4-base?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.90.1-1ubuntu1.10+tuxcare.els6

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779369819.json"

exim4-config

Package

Name: exim4-config
Purl: pkg:deb/tuxcare/exim4-config?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.90.1-1ubuntu1.10+tuxcare.els6

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779369819.json"

exim4-daemon-heavy

Package

Name: exim4-daemon-heavy
Purl: pkg:deb/tuxcare/exim4-daemon-heavy?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.90.1-1ubuntu1.10+tuxcare.els6

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779369819.json"

exim4-daemon-light

Package

Name: exim4-daemon-light
Purl: pkg:deb/tuxcare/exim4-daemon-light?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.90.1-1ubuntu1.10+tuxcare.els6

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779369819.json"

exim4-dev

Package

Name: exim4-dev
Purl: pkg:deb/tuxcare/exim4-dev?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.90.1-1ubuntu1.10+tuxcare.els6

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779369819.json"

eximon4

Package

Name: eximon4
Purl: pkg:deb/tuxcare/eximon4?distro=ubuntu-18.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.90.1-1ubuntu1.10+tuxcare.els6

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779369819.json"