[slackware-security]  libinput (SSA:2026-155-02)

New libinput packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/libinput-1.31.3-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  libinput-device-group unescaped phys output can inject udev properties
  leading to arbitrary root code execution.
  Note that since /dev/uinput and /dev/uhid are only accessible by root on
  Slackware (and unlike some other distributions we make no exceptions), we
  were not vulnerable to this flaw.
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libinput-1.31.3-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libinput-1.31.3-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/libinput-1.31.3-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/libinput-1.31.3-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
a7c5cfa9b6363fd05589d23215fb0653  libinput-1.31.3-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
8f45f823f6f089908cee2b52b554a072  libinput-1.31.3-x86_64-1_slack15.0.txz

Slackware -current package:
a88f31f6b79f63173b74f1ff34463261  x/libinput-1.31.3-i686-1.txz

Slackware x86_64 -current package:
2970fd1385e2489df57978b158c5cfed  x/libinput-1.31.3-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libinput-1.31.3-i586-1_slack15.0.txz

+-----+

Severity: Important
LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-56fa441129
2026-04-25 01:21:36.171702+00:00
--------------------------------------------------------------------------------

Name        : libinput
Product     : Fedora 44
Version     : 1.31.1
Release     : 1.fc44
URL         : http://www.freedesktop.org/wiki/Software/libinput/
Summary     : Input device library
Description :
libinput is a library that handles input devices for display servers and other
applications that need to directly deal with input devices.

It provides device detection, device handling, input device event processing
and abstraction to minimize the amount of custom input code that users of
libinput need to provide the common set of functionality that users expect.

--------------------------------------------------------------------------------
Update Information:

libinput 1.31.1, fixes Lua plugin sandbox escape (CVE-2026-35093,
CVE-2026-35094)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2026 Peter Hutterer - 1.31.1-1
- libinput 1.31.1 (CVE-2026-35093, CVE-2026-35094)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-56fa441129' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list

# libinput-devel-1.31.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10489-1
Rating: moderate

Cross-References:

  * CVE-2026-35093
  * CVE-2026-35094

CVSS scores:

  * CVE-2026-35093 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  * CVE-2026-35093 ( SUSE ): 6.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
  * CVE-2026-35094 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2026-35094 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

  * openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libinput-devel-1.31.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

  * openSUSE Tumbleweed:
    * libinput-devel 1.31.1-1.1
    * libinput-tools 1.31.1-1.1
    * libinput-udev 1.31.1-1.1
    * libinput10 1.31.1-1.1
    * libinput10-32bit 1.31.1-1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-35093.html
  * https://www.suse.com/security/cve/CVE-2026-35094.html

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5aafda8cd8
2026-04-05 00:52:10.725744+00:00
--------------------------------------------------------------------------------

Name        : libinput
Product     : Fedora 43
Version     : 1.30.3
Release     : 1.fc43
URL         : https://www.freedesktop.org/wiki/Software/libinput/
Summary     : Input device library
Description :
libinput is a library that handles input devices for display servers and other
applications that need to directly deal with input devices.

It provides device detection, device handling, input device event processing
and abstraction to minimize the amount of custom input code that users of
libinput need to provide the common set of functionality that users expect.

--------------------------------------------------------------------------------
Update Information:

libinput 1.30.3, fixes Lua plugin sandbox escape
(CVE-2026-35093,CVE-2026-35094)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2026 Peter Hutterer - 1.30.3-1
- libinput 1.30.3 (CVE-2026-35093, CVE-2026-35094)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5aafda8cd8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202310-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: libinput: format string vulnerability when using xf86-input-libinput
     Date: October 26, 2023
     Bugs: #839729
       ID: 202310-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in libinput where an attacker may
run malicious code by exploiting a format string vulnerability.

Background
==========

A library to handle input devices in Wayland and, via
xf86-input-libinput, in X.org.

Affected packages
=================

Package            Vulnerable    Unaffected
-----------------  ------------  ------------
dev-libs/libinput  < 1.20.1      >= 1.20.1

Description
===========

An attacker may be able to run malicious code by exploiting a format
string vulnerability. Please review the CVE identifier referenced below
for details.

Impact
======

When a device is detected by libinput, libinput logs several messages
through log handlers set up by the callers. These log handlers usually
eventually result in a printf call. Logging happens with the privileges
of the caller, in the case of Xorg this may be root.

The device name ends up as part of the format string and a kernel device
with printf-style format string placeholders in the device name can
enable an attacker to run malicious code. An exploit is possible through
any device where the attacker controls the device name, e.g. /dev/uinput
or Bluetooth devices.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libinput users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/libinput-1.20.1"

References
==========

[ 1 ] CVE-2022-1215
      https://nvd.nist.gov/vuln/detail/CVE-2022-1215

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202310-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
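
The logging pattern described in the Impact section above, as an added example that is not libinput's code or its actual patch: a hypothetical helper device_log() builds the printf format from the device name plus the caller's message, and a hypothetical escape_percent() doubles every '%' in the name first so it cannot be parsed as a conversion. The device name used is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy `in` to `out`, doubling every '%' so the text
 * stays literal when it later becomes part of a printf-style format.
 * Returns 0 on success, -1 if `out` is too small. */
static int escape_percent(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return -1;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outsz)   /* keep room for the terminating NUL */
            return -1;
        if (*in == '%')
            out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

/* Hypothetical log helper. The string handed to vsnprintf() as the format
 * is "<device name>: <caller format>". Built from the raw name, a name that
 * contains conversions would be parsed as part of the format; escaping the
 * name first keeps it literal. Returns the length written, -1 on error. */
static int device_log(char *out, size_t outsz, const char *devname,
                      const char *fmt, ...)
{
    char safe[128], combined[256];
    va_list ap;
    int n;

    if (escape_percent(devname, safe, sizeof(safe)) < 0)
        return -1;
    n = snprintf(combined, sizeof(combined), "%s: %s", safe, fmt);
    if (n < 0 || (size_t)n >= sizeof(combined))
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, combined, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    char line[256];
    /* Constructed device name carrying printf conversions. */
    if (device_log(line, sizeof(line), "kbd %s%n", "added, %d keys", 104) > 0)
        puts(line);   /* the name is printed literally */
    return 0;
}
```

Building with -Wformat -Wformat-security flags the simpler form of the same mistake, where a non-literal string is passed as the format with no arguments.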

Oracle Linux Security Advisory ELSA-2022-5257

https://linux.oracle.com/errata/ELSA-2022-5257.html

The following updated rpms for Oracle Linux 9 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libinput-1.19.3-2.el9_0.i686.rpm
libinput-1.19.3-2.el9_0.x86_64.rpm
libinput-utils-1.19.3-2.el9_0.x86_64.rpm
libinput-devel-1.19.3-2.el9_0.i686.rpm
libinput-devel-1.19.3-2.el9_0.x86_64.rpm

aarch64:
libinput-1.19.3-2.el9_0.aarch64.rpm
libinput-utils-1.19.3-2.el9_0.aarch64.rpm
libinput-devel-1.19.3-2.el9_0.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol9/SRPMS-updates/libinput-1.19.3-2.el9_0.src.rpm

Related CVEs:

CVE-2022-1215

Description of changes:

[1.19.3-2]
- CVE-2022-1215: fix a format string vulnerability (#2076816)

_______________________________________________
El-errata mailing list

Oracle Linux Security Advisory ELSA-2022-5331

https://linux.oracle.com/errata/ELSA-2022-5331.html

The following updated rpms for Oracle Linux 8 have been uploaded to the
Unbreakable Linux Network:

x86_64:
libinput-1.16.3-3.el8_6.i686.rpm
libinput-1.16.3-3.el8_6.x86_64.rpm
libinput-utils-1.16.3-3.el8_6.x86_64.rpm
libinput-devel-1.16.3-3.el8_6.i686.rpm
libinput-devel-1.16.3-3.el8_6.x86_64.rpm

aarch64:
libinput-1.16.3-3.el8_6.aarch64.rpm
libinput-utils-1.16.3-3.el8_6.aarch64.rpm
libinput-devel-1.16.3-3.el8_6.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates/libinput-1.16.3-3.el8_6.src.rpm

Related CVEs:

CVE-2022-1215

Description of changes:

[1.16.3-3]
- Fix a format string vulnerability in the device name logging (#2076815)
  CVE-2022-1215

_______________________________________________
El-errata mailing list

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: libinput security update
Advisory ID:       RHSA-2022:5257-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5257
Issue date:        2022-06-28
CVE Names:         CVE-2022-1215
====================================================================

1. Summary:

An update for libinput is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

libinput is a library that handles input devices for display servers and
other applications that need to directly deal with input devices.

Security Fix(es):

* libinput: format string vulnerability may lead to privilege escalation
(CVE-2022-1215)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2074952 - CVE-2022-1215 libinput:format string vulnerability may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
libinput-1.19.3-2.el9_0.src.rpm

aarch64:
libinput-1.19.3-2.el9_0.aarch64.rpm
libinput-debuginfo-1.19.3-2.el9_0.aarch64.rpm
libinput-debugsource-1.19.3-2.el9_0.aarch64.rpm
libinput-test-debuginfo-1.19.3-2.el9_0.aarch64.rpm
libinput-utils-1.19.3-2.el9_0.aarch64.rpm
libinput-utils-debuginfo-1.19.3-2.el9_0.aarch64.rpm

ppc64le:
libinput-1.19.3-2.el9_0.ppc64le.rpm
libinput-debuginfo-1.19.3-2.el9_0.ppc64le.rpm
libinput-debugsource-1.19.3-2.el9_0.ppc64le.rpm
libinput-test-debuginfo-1.19.3-2.el9_0.ppc64le.rpm
libinput-utils-1.19.3-2.el9_0.ppc64le.rpm
libinput-utils-debuginfo-1.19.3-2.el9_0.ppc64le.rpm

s390x:
libinput-1.19.3-2.el9_0.s390x.rpm
libinput-debuginfo-1.19.3-2.el9_0.s390x.rpm
libinput-debugsource-1.19.3-2.el9_0.s390x.rpm
libinput-test-debuginfo-1.19.3-2.el9_0.s390x.rpm
libinput-utils-1.19.3-2.el9_0.s390x.rpm
libinput-utils-debuginfo-1.19.3-2.el9_0.s390x.rpm

x86_64:
libinput-1.19.3-2.el9_0.i686.rpm
libinput-1.19.3-2.el9_0.x86_64.rpm
libinput-debuginfo-1.19.3-2.el9_0.i686.rpm
libinput-debuginfo-1.19.3-2.el9_0.x86_64.rpm
libinput-debugsource-1.19.3-2.el9_0.i686.rpm
libinput-debugsource-1.19.3-2.el9_0.x86_64.rpm
libinput-test-debuginfo-1.19.3-2.el9_0.i686.rpm
libinput-test-debuginfo-1.19.3-2.el9_0.x86_64.rpm
libinput-utils-1.19.3-2.el9_0.x86_64.rpm
libinput-utils-debuginfo-1.19.3-2.el9_0.i686.rpm
libinput-utils-debuginfo-1.19.3-2.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:
libinput-debuginfo-1.19.3-2.el9_0.aarch64.rpm
libinput-debugsource-1.19.3-2.el9_0.aarch64.rpm
libinput-devel-1.19.3-2.el9_0.aarch64.rpm
libinput-test-debuginfo-1.19.3-2.el9_0.aarch64.rpm
libinput-utils-debuginfo-1.19.3-2.el9_0.aarch64.rpm

ppc64le:
libinput-debuginfo-1.19.3-2.el9_0.ppc64le.rpm
libinput-debugsource-1.19.3-2.el9_0.ppc64le.rpm
libinput-devel-1.19.3-2.el9_0.ppc64le.rpm
libinput-test-debuginfo-1.19.3-2.el9_0.ppc64le.rpm
libinput-utils-debuginfo-1.19.3-2.el9_0.ppc64le.rpm

s390x:
libinput-debuginfo-1.19.3-2.el9_0.s390x.rpm
libinput-debugsource-1.19.3-2.el9_0.s390x.rpm
libinput-devel-1.19.3-2.el9_0.s390x.rpm
libinput-test-debuginfo-1.19.3-2.el9_0.s390x.rpm
libinput-utils-debuginfo-1.19.3-2.el9_0.s390x.rpm

x86_64:
libinput-debuginfo-1.19.3-2.el9_0.i686.rpm
libinput-debuginfo-1.19.3-2.el9_0.x86_64.rpm
libinput-debugsource-1.19.3-2.el9_0.i686.rpm
libinput-debugsource-1.19.3-2.el9_0.x86_64.rpm
libinput-devel-1.19.3-2.el9_0.i686.rpm
libinput-devel-1.19.3-2.el9_0.x86_64.rpm
libinput-test-debuginfo-1.19.3-2.el9_0.i686.rpm
libinput-test-debuginfo-1.19.3-2.el9_0.x86_64.rpm
libinput-utils-debuginfo-1.19.3-2.el9_0.i686.rpm
libinput-utils-debuginfo-1.19.3-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-1215
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
--
RHSA-announce mailing list