Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 44 Nix 2.34 Critical Privilege Escalation Fix GHSA-g3g9-5vj6-r3gj

fedora
Calendar Grey April 16, 2026
Dist Fedora Esm H88
Critical update for nix version 2.34 on Fedora 44 addresses privilege escalation issue. Recommended installation.
update to 2.34 https://nix.dev/manual/nix/2.34/release-notes/rl-2.33.html https://nix.dev/manual/nix/2.34/release-notes/rl-2.34.html includes fix for nix-daemon critical GHSA-g3g9-...

Summary

Nix is a purely functional package manager.

It allows multiple versions of a package to be installed side-by-side,

ensures that dependency specifications are complete,

supports atomic upgrades and rollbacks,

allows non-root users to install software, and has many other features.

It is the basis of the NixOS Linux distribution,

but it can be used equally well under other Unix systems.

See the README.fedora.md file for setup instructions.

Update Information:

update to 2.34 https://nix.dev/manual/nix/2.34/release-notes/rl-2.33.html https://nix.dev/manual/nix/2.34/release-notes/rl-2.34.html includes fix for nix-daemon critical GHSA-g3g9-5vj6-r3gj (CVE-2026-39860) https://github.com/NixOS/nix/security/advisories/GHSA-g3g9-5vj6-r3gj

Topics%20covered

Topics Covered

security advisory fedora critical privilege escalation threat NIX

Change Log

* Wed Apr 8 2026 Jens Petersen - 2.34.5-1 - update to 2.34.5 (rhbz#2456246) - fixes nix-daemon critical GHSA-g3g9-5vj6-r3gj (CVE-2026-39860) * Tue Apr 7 2026 Jens Petersen - 2.34.4-2 - add CI gating for tier0 and installability tests * Tue Apr 7 2026 Zbigniew J\u0119drzejewski-Szmek - 2.34.4-1 - Version 2.34.4 (rhbz#2421165) - https://nix.dev/manual/nix/2.34/release-notes/rl-2.34.html * Thu Apr 2 2026 Jens Petersen - 2.33.3-10 - expand readme for nixGL * Thu Apr 2 2026 Jens Petersen - 2.33.3-9 - Readme: add section about nixGL flake for graphics * Tue Mar 31 2026 Jens Petersen - 2.33.3-8 - define ssl-cert-file for F44 in nix.conf * Tue Mar 31 2026 Jens Petersen - 2.33.3-7 - move mdbook comment to meson options * Tue Mar 31 2026 Jens Petersen - 2.33.3-6 - tests: add nix --version * Tue Mar 31 2026 Jens Petersen - 2.33.3-5 - readme: improve testing section * Tue Mar 31 2026 Jens Petersen - 2.33.3-4 - tests: add ca-certificates and a nix run test * Sat Mar 21 2026 Jens Petersen - 2.33.3-3 - move boost version comment * Sat Mar 21 2026 Jens Petersen - 2.33.3-2 - relnotes unicode RLO removal no longer needed

References


[ 1 ] Bug #2436319 - nix-shell man page contains {{#include ./opt-common.md}} https://bugzilla.redhat.com/show_bug.cgi?id=2436319 [ 2 ] Bug #2456246 - nix-2.34.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2456246 [ 3 ] Bug #2456893 - CVE-2026-39860 nix: privilege escalation via symlink following during output registration [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456893

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8c7366e046' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nix
Product: Fedora 44
Version: 2.34.5
Release: 1.fc44
URL: https://github.com/NixOS/nix
Summary: A purely functional package manager

Topics%20covered

Topics Covered

security advisory fedora critical privilege escalation threat NIX

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here