MGASA-2026-0208

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0208.html

Import Source

https://advisories.mageia.org/MGASA-2026-0208.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2026-0208

Upstream

CVE-2026-50292

Published

2026-06-15T15:56:35Z

Modified

2026-06-15T16:00:03.968496534Z

Summary

Updated libinput packages fix security vulnerability

Details

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / libinput

Package

Name: libinput
Purl: pkg:rpm/mageia/libinput?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.23.0-2.1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0208.json"