This is a serious root exploit, a bit worrying there has been no official update and the default config will install an exim with such an exploit on any new install of webuzo if exim is chosen to be installed.
I recommend the following changes:
1) Officially address exim and build an update
2) offer something to auto update software that can be called via cron instead of just the ability to update in the webuzo login.
3) rpm's being installed should be done from a repo that is more managed by a third party. For example consider moving off to epel repo for software to have faster updates instead of rolling your own.