https://documentation.cpanel.net/display/CKB/CVE-2017-16943+and+CVE-2017-16944+Exim
Impact
According to Exim development: "A remote code execution vulnerability has been reported in Exim, with immediate public disclosure (we were given no private notice)."
The vulnerability exists in the ESMTP CHUNKING extension, and an additional DoS vulnerability exists in the same subsystem. On supported cPanel & WHM versions, chunking_advertise_hosts is set to an unroutable IP address by default. That setting appears to prevent remote exploitation of the vulnerabilities.
On further investigation, we became concerned that local users may still be able to abuse this configuration. Accordingly, we published an autofixer on Monday, November 27, 2017, to fully disable chunking support in Exim. The autofixer would have run during Monday's nightly maintenance; you can confirm this by running the following command as root via SSH:
/scripts/autorepair exim_disable_chunking
Resolution
This page will be updated as new versions of cPanel & WHM are published to address CVE-2017-16943 and CVE-2017-16944.
Workarounds
As stated above, you may completely disable chunking support in Exim. To do this, run the following command as root via SSH:
/scripts/autorepair exim_disable_chunking
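To check the result independently of the autofixer, the following added example (not cPanel's or Exim's own code) classifies the value that `exim -bP chunking_advertise_hosts` reports and checks an EHLO reply for the CHUNKING keyword. It assumes Exim prints the option as `name = value` and that an empty host list means CHUNKING is advertised to no one; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that Exim no longer advertises ESMTP CHUNKING.

# Classify one line as printed by `exim -bP chunking_advertise_hosts`.
# Prints "disabled" for an empty host list, "advertised:<list>" when any
# host pattern remains (including an unroutable placeholder address), and
# "unknown" when the line is not a chunking_advertise_hosts setting.
classify_chunking_option() {
    line=$1
    case $line in
        chunking_advertise_hosts*=*) ;;
        *) echo "unknown"; return 0 ;;
    esac
    value=${line#*=}
    # Trim whitespace around the value.
    value=$(printf '%s' "$value" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    if [ -z "$value" ]; then
        echo "disabled"
    else
        echo "advertised:$value"
    fi
}

# Read an SMTP EHLO reply on stdin; exit status 0 if CHUNKING is listed.
# Reply lines look like "250-KEYWORD" or, for the final line, "250 KEYWORD".
ehlo_advertises_chunking() {
    tr -d '\r' | grep -Eiq '^250[- ]CHUNKING([[:space:]]|$)'
}

# On a host with Exim installed, report the live setting.
if command -v exim >/dev/null 2>&1; then
    classify_chunking_option "$(exim -bP chunking_advertise_hosts 2>/dev/null)"
fi
```

To test what the server actually offers, feed `ehlo_advertises_chunking` an EHLO reply captured from your own server; a non-zero exit status means CHUNKING is not being advertised to that client.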
Additional Information
https://nvd.nist.gov/vuln/detail/CVE-2017-16943
https://nvd.nist.gov/vuln/detail/CVE-2017-16944
https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html