Fedora 42: libinput 1.28.903 Security Fix for Debug Logging Issue
fedora
July 23, 2025
libinput 1.28.903 - fixes key events accidentally printed (and thus logged to the system log) if debug logs were enabled at the compositor level
Summary
libinput is a library that handles input devices for display servers and other
applications that need to directly deal with input devices.
It provides device detection, device handling, input device event processing
and abstraction so minimize the amount of custom input code the user of
libinput need to provide the common set of functionality that users expect.
Update Information:
libinput 1.28.903 - fixes key events accidentally printed (and thus logged to the system log) if debug logs were enabled at the compositor level. Only affects the recent 1.28.901 and 1.28.902 releases, mutter/wlroots are unaffected but kwin and Xorg may log depending on whether the user has enabled debug logging (which is unlikely).
Topics Covered
Change Log
* Mon Jul 21 2025 Peter Hutterer
References
[ 1 ] Bug #2382208 - libinput potentially logs key codes into system logs
https://bugzilla.redhat.com/show_bug.cgi?id=2382208
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-deb3a02c42' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: libinput
Product: Fedora 42
Version: 1.28.903
Release: 1.fc42
URL:
Summary: Input device library
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!