Ubuntu alert USN-8358-1 (haveged)

From:
             
 
noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com>
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-8358-1] haveged vulnerability
Date:
             
 
Mon, 01 Jun 2026 18:25:55 +0000
Message-ID:
             
 
<E1wU7Kl-00023h-Ox@lists.ubuntu.com>
Cc:
             
 
noreply+usn-bot@canonical.com
==========================================================================
Ubuntu Security Notice USN-8358-1
June 01, 2026

haveged vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

haveged could be made to run programs as an administrator.

Software Description:
- haveged: userspace entropy daemon

Details:

It was discovered that haveged incorrectly handled credential
checks on its control socket. A local attacker could possibly
use this issue to execute privileged commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  haveged                         1.9.19-14ubuntu0.1
  libhavege2                      1.9.19-14ubuntu0.1

Ubuntu 25.10
  haveged                         1.9.19-12+deb13u1build0.25.10.1
  libhavege2                      1.9.19-12+deb13u1build0.25.10.1

Ubuntu 24.04 LTS
  haveged                         1.9.14-1ubuntu2+esm1~24.04.1
                                  Available with Ubuntu Pro
  libhavege2                      1.9.14-1ubuntu2+esm1~24.04.1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  haveged                         1.9.14-1ubuntu1+esm1~22.04.1
                                  Available with Ubuntu Pro
  libhavege2                      1.9.14-1ubuntu1+esm1~22.04.1
                                  Available with Ubuntu Pro

After a standard system update you need to restart haveged to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8358-1
  CVE-2026-41054

Package Information:
  https://launchpad.net/ubuntu/+source/haveged/1.9.19-14ubu...
  https://launchpad.net/ubuntu/+source/haveged/1.9.19-12+de...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmodzZEACgkQcpJm3tlz
hgHzvQ//X7k61O3ixPv7W1ql55sk1i7ud8RrfwylCjy43RLJ4FfxZAdKeWiCO+Gt
bGlxQXDbj4JLkNcBjD9bBKVu3ziTDgzFBV4wqhSYasbciAqOI/l2wOATL7p/VwL3
QZkrtXXObZBaO1boRUaMDKM1ADJunFVsOjtNxcbHuUq6Y1S9O9F4gNdqpqTWJhTB
iZ5VCnY1laPgOnHeOGVuVyKD4lMd+eHOBrkSRMFRh+2LqI2Wll0azzwUM60hp4PN
tU/abURWu2aJHzEHobSpWjNGIaHDQr6H+q8rijCC8lr4gWU1I85IzH7jMVTl0Zlf
78zf6xb/pOIKTJMxzfbzF/XMxhjZQChl+znEcPWKHDofCSc36IV1UDCjyen9zd0S
9+/lvhX2A3f+lcetnCBDipXUFoZ7XRe+ayZv5YnpCD//aFr1Dpq8JDu+kgA82LJb
nkd4o00uA1b+ErYuOch0a3K1kjQjQqJGvYxTWw6ulxNFzXERUwBY4mOllN7tBKSK
XvhPJ8ZmffN0Qzr6mOtcZs7SRzpbkWLt2blB4krQCgppueByACaS+8i8ypQ8tI/P
63gdYcZJ6ruRHMEODGsv0LMxKc+zOp56M8nGvXt6jekBPRARcIAA/1RTZWcjKV9V
GBPpOI7Bo3cOgvpMQKy1RPoXMDG3mS49zdWa4gxQcSm/LFqUp+c=
=Odvz
-----END PGP SIGNATURE-----