Libinput Hit By Worrying Security Issues With Its Lua Plug-In System
Summary
Phoronix reports security issues in libinput's Lua plug-in system, including a sandbox escape via pre-compiled bytecode and a use-after-free vulnerability. Libinput 1.31.1 and 1.30.3 have been released with fixes; admins using X.Org and Wayland should patch promptly and consider disabling Lua plug-ins until patched.