Ubuntu 5382-1: libinput vulnerability | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-5382-1
April 20, 2022

libinput vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

libinput could be made to crash or expose sensitive information.

Software Description:
- libinput: Input device management and event handling library

Details:

Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly
handle input devices with specially crafted names. A local attacker with
physical access could use this to cause libinput to crash or expose
sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  libinput10                      1.18.1-1ubuntu0.1

Ubuntu 20.04 LTS:
  libinput10                      1.15.5-1ubuntu0.3

Ubuntu 18.04 LTS:
  libinput10                      1.10.4-1ubuntu0.18.04.3

After a standard system update you need to log out of all desktop sessions
and then log back in to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5382-1
  CVE-2022-1215

Package Information:
  https://launchpad.net/ubuntu/+source/libinput/1.18.1-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/libinput/1.15.5-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/libinput/1.10.4-1ubuntu0.18.04.3

Ubuntu 5382-1: libinput vulnerability

April 21, 2022

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: libinput could be made to crash or expose sensitive information. Software Description: - libinput: Input device management and event handling library Details: Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly handle input devices with specially crafted names. A local attacker with physical access could use this to cause libinput to crash or expose sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: libinput10 1.18.1-1ubuntu0.1 Ubuntu 20.04 LTS: libinput10 1.15.5-1ubuntu0.3 Ubuntu 18.04 LTS: libinput10 1.10.4-1ubuntu0.18.04.3 After a standard system update you need to log out of all desktop sessions and then log back in to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5382-1

CVE-2022-1215

Severity
Ubuntu Security Notice USN-5382-1

Package Information

https://launchpad.net/ubuntu/+source/libinput/1.18.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libinput/1.15.5-1ubuntu0.3 https://launchpad.net/ubuntu/+source/libinput/1.10.4-1ubuntu0.18.04.3

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.