X.org has issued an advisory today (April 20): https://lists.x.org/archives/xorg-announce/2022-April/003159.html The issue is fixed upstream in 1.20.1 and in a commit linked in the message above. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 1.20.1Whiteboard: (none) => MGA8TOO
Ubuntu has issued an advisory for this on April 20: https://ubuntu.com/security/notices/USN-5382-1
Assigning to NicolasS who has just done the version update in Cauldron (merci).
Assignee: bugsquad => nicolas.salguero
Suggested advisory: ======================== The updated packages fix a security vulnerability: libinput could be made to crash or expose sensitive information. (CVE-2022-1215) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1215 https://lists.x.org/archives/xorg-announce/2022-April/003159.html https://ubuntu.com/security/notices/USN-5382-1 ======================== Updated packages in core/updates_testing: ======================== lib(64)input10-1.16.4-1.1.mga8 lib(64)input-devel-1.16.4-1.1.mga8 libinput-test-1.16.4-1.1.mga8 libinput-tools-1.16.4-1.1.mga8 libinput-udev-1.16.4-1.1.mga8 from SRPM: libinput-1.16.4-1.1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)CVE: (none) => CVE-2022-1215CC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDStatus comment: Fixed upstream in 1.20.1 => (none)Source RPM: libinput-1.20.0-2.mga9.src.rpm => libinput-1.16.4-1.mga8.src.rpmAssignee: nicolas.salguero => qa-bugsVersion: Cauldron => 8
No easily-found previous updates, but I found this at https://wayland.freedesktop.org/libinput/doc/latest/what-is-libinput.html "libinput is an input stack for processes that need to provide events from commonly used input devices. That includes mice, keyboards, touchpads, touchscreens and graphics tablets. libinput handles device-specific quirks and provides an easy-to-use API to receive events from devices." urpmq --whatrequires lib64libinput indicates that it is required by several Plasma-related packages, so I tested it with a test mga8-64 Plasma install on an HP Probook 6550b that has a Logitech wireless mouse installed in addition to its touchpad and keyboard as input devices. No installation issues. While it wasn't specifically required, I did a shutdown and cold boot to check on device detection. All devices were detected, and functioning. Tap-to-click was not working, but that is the Plasma default and I had not changed it on this test install. I did that with the system settings gui, and it worked. I also switched from two-fingered scrolling to edge-scrolling, and back again, and both settings worked. Mouse and keyboard were both functioning as expected. Giving this a 64-bit OK. As this is such a basic function I want to give it a test on real 32-bit hardware before validating, but that will have to wait a few hours until my work day is done.
CC: (none) => andrewsfarmWhiteboard: (none) => MGA8-64-OK
MGA8-32 Xfce on Foolishness, my Dell Inspiron 5100. No installation issues. I did some of the tests from Comment 4, two-finger scrool, tap-to-click, one finger moves the cursor. Both touchpad buttons work. Muse works as expected, as does the keyboard. Xfce doesn'r seem to have the same touchpad options available in Plasma, or if it does I couldn't find in settings where to play with them. But, over all, it seems to be working as designed. OKing, and validating. Advisory in Comment 3.
CC: (none) => sysadmin-bugsWhiteboard: MGA8-64-OK => MGA8-32-OK MGA8-64-OKKeywords: (none) => validated_update
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0150.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED