The first updates for Fedora Linux 44 have just been published, including security fixes targeting four packages. PackageKit now includes a backported patch that eliminates a race condition capable of granting attackers full root privileges. Firefox and its companion Network Security Services library both received fresh releases to neutralize hundreds of undisclosed flaws. Meanwhile, the libexif component finally addresses multiple CVEs involving dangerous integer overflows in image metadata parsing.

Fedora 44 Update: PackageKit-1.3.4-3.fc44
Fedora 44 Update: firefox-150.0-1.fc44
Fedora 44 Update: nss-3.122.1-1.fc44
Fedora 44 Update: libexif-0.6.26-1.fc44

[SECURITY] Fedora 44 Update: PackageKit-1.3.4-3.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-6c121b3d4c
2026-04-24 05:55:55.878923+00:00
--------------------------------------------------------------------------------

Name : PackageKit
Product : Fedora 44
Version : 1.3.4
Release : 3.fc44
URL : http://www.freedesktop.org/software/PackageKit/
Summary : Package management service
Description :
PackageKit is a D-Bus abstraction layer that allows the session user
to manage packages in a secure way using a cross-distro,
cross-architecture API.

--------------------------------------------------------------------------------
Update Information:

Backport fix for race condition leading to root compromise (GHSA-f55j-vvr9-69xv)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2026 Neal Gompa [ngompa@fedoraproject.org] - 1.3.4-3
- Actually apply patch for security fix
* Wed Apr 22 2026 Neal Gompa [ngompa@fedoraproject.org] - 1.3.4-2
- Backport fix for GHSA-f55j-vvr9-69xv
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2460579 - Local Privilege escalation: Run code as root due to race condition in PackageKit
https://bugzilla.redhat.com/show_bug.cgi?id=2460579
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-6c121b3d4c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: firefox-150.0-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb08ad61f2
2026-04-24 05:55:55.878917+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 44
Version : 150.0
Release : 1.fc44
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.122.1
Update to Firefox 150.0
New upstream release (149.0.2)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 16 2026 Martin Stransky [stransky@redhat.com] - 150.0-1
- Update to latest upstream (150.0)
* Wed Apr 8 2026 Martin Stransky [stransky@redhat.com] - 149.0.2-1
- Update to latest upstream (149.0.2)
* Tue Apr 7 2026 [zomcd.rhbz@outlook.com] - 149.0-6
- Fixed rhbz#2449217 - Firefox launch script does not use
XDG_CONFIG_HOME for extensions.
* Tue Apr 7 2026 Martin Stransky [stransky@redhat.com] - 149.0-5
- Add fix for mzbz#2026403 - some popups still blurry with
fractional scaling in GNOME
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2460531 - Firefox 150 fixes 271 unspecified security issues (F44 blocker consideration)
https://bugzilla.redhat.com/show_bug.cgi?id=2460531
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb08ad61f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: nss-3.122.1-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fb08ad61f2
2026-04-24 05:55:55.878917+00:00
--------------------------------------------------------------------------------

Name : nss
Product : Fedora 44
Version : 3.122.1
Release : 1.fc44
URL : http://www.mozilla.org/projects/security/pki/nss/
Summary : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

--------------------------------------------------------------------------------
Update Information:

Update NSS to 3.122.1
Update to Firefox 150.0
New upstream release (149.0.2)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 20 2026 Frantisek Krenzelok [fkrenzel@redhat.com] - 3.122.1-1
- Update NSS to 3.122.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2460531 - Firefox 150 fixes 271 unspecified security issues (F44 blocker consideration)
https://bugzilla.redhat.com/show_bug.cgi?id=2460531
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fb08ad61f2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

[SECURITY] Fedora 44 Update: libexif-0.6.26-1.fc44

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-fd361a6f7f
2026-04-24 05:55:55.878864+00:00
--------------------------------------------------------------------------------

Name : libexif
Product : Fedora 44
Version : 0.6.26
Release : 1.fc44
URL : https://libexif.github.io/
Summary : Library for extracting extra information from image files
Description :
Most digital cameras produce EXIF files, which are JPEG files with
extra tags that contain information about the image. The EXIF library
allows you to parse an EXIF file and read the data from those tags.

--------------------------------------------------------------------------------
Update Information:

Update to 0.6.26, fixing several CVEs
https://github.com/libexif/libexif/releases/tag/v0.6.26
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 14 2026 Packit [hello@packit.dev] - 0.6.26-1
- Update to 0.6.26 upstream release
- Resolves: rhbz#2458177
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2457746 - CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457746
[ 2 ] Bug #2457747 - CVE-2026-40385 libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457747
[ 3 ] Bug #2458177 - libexif-0.6.26 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2458177
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-fd361a6f7f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new