Your message dated Tue, 19 May 2026 15:20:48 +0000
with message-id <[email protected]>
and subject line Bug#1137096: fixed in haveged 1.9.21-1
has caused the Debian Bug report #1137096,
regarding haveged: CVE-2026-41054: missing exit out of permission check could
lead to root exploit
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1137096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137096
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: haveged
Version: 1.9.20-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.9.14-1
Hi,
The following vulnerability was published for haveged.
CVE-2026-41054[0]:
| haveged: missing exit out of permission check could lead to root
| exploit
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-41054
https://www.cve.org/CVERecord?id=CVE-2026-41054
[1] https://www.openwall.com/lists/oss-security/2026/05/19/3
[2] https://bugzilla.suse.com/show_bug.cgi?id=1264086
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: haveged
Source-Version: 1.9.21-1
Done: Daniel Baumann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
haveged, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Baumann <[email protected]> (supplier of updated haveged package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 19 May 2026 16:54:30 +0200
Source: haveged
Architecture: source
Version: 1.9.21-1
Distribution: sid
Urgency: high
Maintainer: Daniel Baumann <[email protected]>
Changed-By: Daniel Baumann <[email protected]>
Closes: 1137096
Changes:
 haveged (1.9.21-1) sid; urgency=high
 .
   * Merging upstream version 1.9.21:
     - Fix privilege escalation via command socket [CVE-2026-41054] - the uid
       check sent a NAK to non-root callers but did not exit the function,
       allowing unprivileged local users to send commands to the root-running
       daemon via the abstract UNIX socket (Closes: #1137096).
--- End Message ---
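The flaw class described in the changelog entry above (a refusal is sent, but the handler does not return), shown beside its corrected form as an added example that is not part of the original messages and is not haveged's code. The handler names, the ACK/NAK byte values, the uid 1000 caller and the counter standing in for a root-only command are assumptions.

```c
/* Added illustration: hypothetical names throughout, not haveged's source. */
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum { ACK = 0x06, NAK = 0x15 };   /* constructed reply codes */
static void reply(int fd, unsigned char c) { send(fd, &c, 1, 0); }

/* Flawed shape: the refusal is sent, but control falls through. */
static void handle_flawed(int fd, uid_t peer_uid, int *privileged_runs) {
    if (peer_uid != 0)
        reply(fd, NAK);              /* no return after the refusal */
    (*privileged_runs)++;            /* stands in for the root-only command */
    reply(fd, ACK);
}

/* Corrected shape: the denial branch leaves the function. */
static void handle_fixed(int fd, uid_t peer_uid, int *privileged_runs) {
    if (peer_uid != 0) {
        reply(fd, NAK);
        return;
    }
    (*privileged_runs)++;
    reply(fd, ACK);
}

/* One request from a constructed non-root peer (uid 1000) over a socketpair.
 * Returns how often the privileged action ran; *nak_seen = first reply was NAK. */
int runs_for_unprivileged(int fixed, int *nak_seen) {
    int sv[2], runs = 0;
    unsigned char first = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (fixed) handle_fixed(sv[0], 1000, &runs);
    else       handle_flawed(sv[0], 1000, &runs);
    if (recv(sv[1], &first, 1, 0) != 1) runs = -1;
    *nak_seen = (first == NAK);
    close(sv[0]); close(sv[1]);
    return runs;
}

int main(void) {
    for (int fixed = 0; fixed <= 1; fixed++) {
        int nak = 0, runs = runs_for_unprivileged(fixed, &nak);
        printf("%s: runs=%d nak=%d\n", fixed ? "fixed" : "flawed", runs, nak);
    }
    return 0;
}
```

Both handlers answer the non-root caller with a NAK first, so a regression test for this class of bug has to assert that the privileged action did not run, not only that a refusal was returned.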