Debian alert DSA-6292-1 (haveged)
| From: | Salvatore Bonaccorso <carnil@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6292-1] haveged security update | |
| Date: | Fri, 22 May 2026 21:05:54 +0000 | |
| Message-ID: | <E1wQX46-00000007xkS-1zeg@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6292-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : haveged CVE ID : CVE-2026-41054 Debian Bug : 1137096 Dirk Mueller discovered that a flaw in the function performing a credential check on the command socket of haveged, a userspace entropy daemon, may result in local privilege escalation. For the oldstable distribution (bookworm), this problem has been fixed in version 1.9.14-1+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 1.9.19-12+deb13u1. We recommend that you upgrade your haveged packages. For the detailed security status of haveged please refer to its security tracker page at: https://security-tracker.debian.org/tracker/haveged Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmoQxQZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R6tA/9GwanNmrPu8x2AEi9c7VB9g+UHpajk1w/H3MdPVyL0lwCCXMjb0xmX6nQ YwpDPFvPlJx5ho2lE38snwlfvjfP3aDqkBFb/ncTPCvASy5thN19Ev8qfnn8Rl9M JkHny9vXkezRGcxVwv+k5LFPh8UnPn1n1JrRJpEkRdqu2EEMvRS/aTVWVaVO97yq n58DuwvPJ3HV2rYQ9X9cNDL6r0D5fR0hD8AbZLauO+2OXGzcXkk4l+b05xvPSiIT 4njvttMgsuCVyexXDOf+1fLKLphufObD9DqkivBLbBm3OLwucISeF4ur4n8uzybA pWVyr6sul3SPY4Pdx26xFIfjCG/l7HxKBPv1kNfa3ja+sBA5cD5f+u3iV0L6mAek 9fs/FsTwAQfmEr+CUGPtqlNV2CT7X9Cj4wsxR4J1dG4CucHGFA4LqnpJCJ+v9Kcu dF8zXWIGYMmtg/KIHy13Yy3HToZPHbVl/zaENOjMgPR71twCcNurBUvxjVh+0rXt LIctWI49NjBPy5+5vvwtfmHhCT1tM0yjijTYWqw1V77GM6q/15g0BAX2XCd4g/qx q1j/wd5DCNB8NaYU2vftIvydgCyKiyN0SGUdr3B+MNtBR9ZxGUsDVNKPT6hLGtCp oXMIV9QW9OW1njOVrl6zg5Ke1OfLFXhQGPfdXZCtH8cFPkWuHTg= =XX1h -----END PGP SIGNATURE-----