Slackware Linux has released urgent security patches for libinput and dnsmasq to address critical vulnerabilities in versions 15.0 and the rolling current branch. The libinput update resolves an unescaped physical output flaw that could potentially allow arbitrary root code execution through malicious udev properties, though local access restrictions currently limit immediate exploitation risk. Meanwhile, the dnsmasq upgrade addresses a separate memory corruption flaw that triggers during unusually long domain lookups. Administrators should grab the new files from official FTP mirrors and run the standard root installation commands right away to keep their systems secure.

libinput (SSA:2026-155-02)
dnsmasq (SSA:2026-155-01)

libinput (SSA:2026-155-02)

libinput (SSA:2026-155-02)

New libinput packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/libinput-1.31.3-i586-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
libinput-device-group unescaped phys output can inject udev properties
leading to arbitrary root code execution.
Note that since /dev/uinput and /dev/uhid are only accessible by root on
Slackware (and unlike some other distributions we make no exceptions), we
were not vulnerable to this flaw.
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libinput-1.31.3-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libinput-1.31.3-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/libinput-1.31.3-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/libinput-1.31.3-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
a7c5cfa9b6363fd05589d23215fb0653 libinput-1.31.3-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
8f45f823f6f089908cee2b52b554a072 libinput-1.31.3-x86_64-1_slack15.0.txz

Slackware -current package:
a88f31f6b79f63173b74f1ff34463261 x/libinput-1.31.3-i686-1.txz

Slackware x86_64 -current package:
2970fd1385e2489df57978b158c5cfed x/libinput-1.31.3-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg libinput-1.31.3-i586-1_slack15.0.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

dnsmasq (SSA:2026-155-01)

dnsmasq (SSA:2026-155-01)

New dnsmasq packages are available for Slackware 15.0 and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/dnsmasq-2.93-i586-1_slack15.0.txz: Upgraded.
Rework storage allocation for domain names. This fixes a security bug that
can cause heap-overwrite with long domain names.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2026-2291
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
( http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/dnsmasq-2.93-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/dnsmasq-2.93-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dnsmasq-2.93-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dnsmasq-2.93-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
6c4c2e00903ef7369dcce7d17469ba72 dnsmasq-2.93-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
a467649db9898cf052548832221ea939 dnsmasq-2.93-x86_64-1_slack15.0.txz

Slackware -current package:
2b95678be475195b96ffdf9b77eab789 n/dnsmasq-2.93-i686-1.txz

Slackware x86_64 -current package:
18adfd72ea72c5583f6df4f3a26e9d87 n/dnsmasq-2.93-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg dnsmasq-2.93-i586-1_slack15.0.txz

If dnsmasq is running, restart it:
# sh /etc/rc.d/rc.dnsmasq restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key