Your message dated Fri, 22 May 2026 22:32:09 +0000
with message-id <[email protected]>
and subject line Bug#1137096: fixed in haveged 1.9.19-12+deb13u1
has caused the Debian Bug report #1137096,
regarding haveged: CVE-2026-41054: missing exit out of permission check could
lead to root exploit
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1137096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137096
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: haveged
Version: 1.9.20-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.9.14-1
Hi,
The following vulnerability was published for haveged.
CVE-2026-41054[0]:
| haveged: missing exit out of permission check could lead to root
| exploit
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-41054
https://www.cve.org/CVERecord?id=CVE-2026-41054
[1] https://www.openwall.com/lists/oss-security/2026/05/19/3
[2] https://bugzilla.suse.com/show_bug.cgi?id=1264086
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: haveged
Source-Version: 1.9.19-12+deb13u1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
haveged, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated haveged package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 22 May 2026 14:51:39 +0200
Source: haveged
Architecture: source
Version: 1.9.19-12+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Daniel Baumann <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1137096
Changes:
haveged (1.9.19-12+deb13u1) trixie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix privilege escalation via command socket (CVE-2026-41054)
(Closes: #1137096)
* Check peer credentials before reading command (CVE-2026-41054)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---