Your message dated Fri, 22 May 2026 22:33:22 +0000
with message-id <[email protected]>
and subject line Bug#1137096: fixed in haveged 1.9.14-1+deb12u1
has caused the Debian Bug report #1137096,
regarding haveged: CVE-2026-41054: missing exit out of permission check could 
lead to root exploit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1137096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137096
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: haveged
Version: 1.9.20-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.9.14-1

Hi,

The following vulnerability was published for haveged.

CVE-2026-41054[0]:
| haveged: missing exit out of permission check could lead to root
| exploit


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-41054
    https://www.cve.org/CVERecord?id=CVE-2026-41054
[1] https://www.openwall.com/lists/oss-security/2026/05/19/3
[2] https://bugzilla.suse.com/show_bug.cgi?id=1264086

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: haveged
Source-Version: 1.9.14-1+deb12u1
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
haveged, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated haveged package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Fri, 22 May 2026 14:56:30 +0200
Source: haveged
Architecture: source
Version: 1.9.14-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Jérémy Bobbio <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1137096
Changes:
 haveged (1.9.14-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix privilege escalation via command socket (CVE-2026-41054)
     (Closes: #1137096)
   * Check peer credentials before reading command (CVE-2026-41054)

--- End Message ---
