On 8th December Sergey Kononenko, discovered a vulnerability in the Exim mail server, that could allow hackers to gain control of the host server. Though initially thought to effect only packages for Debian, it appears to be present in all versions.

Exim is the default mail server used by cPanel, and last night cPanel announced the availability of updated Exim packages for Linux distributions, that have this vulnerability patched. If you have automated cPanel updates, Exim will be upgraded the next time upcp is scheduled to run. If you are not using automated updates or do not want to run upcp, you can update Exim by running the command /scripts/eximup. If you are running FreeBSD you should follow the steps mentioned here.