Message-ID: <20260519151600.3ded0958@hboeck.de>
Date: Tue, 19 May 2026 15:16:00 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Fixed: local root exploit in haveged, fixed in
 1.9.21, CVE-2026-41054

On Tue, 19 May 2026 12:27:03 +0000
Marcus Meissner <meissner@...e.de> wrote:

> If you are using haveged, today's release fixes a local root exploit.

You can also fix this by uninstalling it.

There's no need to have an "entropy daemon"... It adds needless
complexity and, as this issue shows, attack surface. There have been
many improvements in the Linux kernel's RNG (Jason Donenfeld, also known
as the WireGuard developer, did a lot of work on that) and I am quite
confident that there are no problems with the RNG on any reasonably
recent Linux kernel that an "entropy daemon" would help with.

-- 
Hanno Böck - Independent security researcher
https://itsec.hboeck.de/
https://badkeys.info/
