Anonymizing Linux: Tails 6.11 plugs critical security leaks
Version 6.11 of the Linux distribution Tails, which you can take with you on a USB stick to surf the net anonymously, closes critical security gaps.
(Image: heise online / dmk)
The recently released version 6.11 of the anonymizing Linux Tails closes security gaps classified as critical risks. Users are therefore strongly advised to update.
However, the version announcement promises even more corrections for the Linux to go on USB sticks. The vulnerabilities classified as critical can be exploited by attackers if they gain control of an application in Tails, explain the Tails developers. They can then abuse a vulnerability in the Tails Upgrader to install a malicious upgrade and gain permanent control of Tails. As a workaround, a manual upgrade can delete such malicious software.
Other critical vulnerabilities
Attackers with control over an app can also abuse vulnerabilities in other apps, which can lead to deanonymization or monitoring of web browsing and the like. As examples, the maintainers list that in Onion Circuits, attackers can obtain information about Tor circuits or close them, access the Internet in Unsafe Browser without connecting to the Tor network, monitor browsing activities in Tor Browser or reconfigure or block the connection to the Tor network in Tor Connection. Manipulation of the persistent memory is also possible. It remains unclear how attackers can gain this control over apps.
Videos by heise
Version 6.11 of Tails corrects all of this. In addition, the distribution can now warn that partition errors have occurred – This can happen due to defective or counterfeit hardware, software errors or if the USB stick with Tails is removed during operation. If such errors are detected, Tails now recommends reinstalling or using a new USB stick.
The Tor browser has been updated to version 14.0.4, Thunderbird to 128.5.0esr. Support for hardware wallets in Electrum has been removed, as Trezor wallets no longer work since Debian 12 (Bookworm), which also affects Tails 6.0 and newer. The Gnome text editor no longer opens the last edited file automatically at startup. The Tor icon menu in the status bar now contains a link to start the Tor Connection Wizard.
The updated tails images can be found on a web page for installation on USB sticks and on another for images for virtual machines and for burning to DVD.
(dmk)
