Anonymizing Linux: Emergency update Tails 7.4.2 closes kernel vulnerability
The kernel of older Tails versions contains security vulnerabilities. Version 7.4.2 of the anonymizing Linux distribution closes them.
(Image: heise medien)
The developers of the anonymizing Linux distribution Tails have released version 7.4.2, which they themselves describe as an emergency update. In it, they close several security vulnerabilities in the Linux kernel.
In the release announcement for Tails 7.4.2, they explain that this version represents an "emergency release to fix critical security vulnerabilities in the Linux kernel." The security advisory DSA 6126-1 for the updated Debian kernel 6.12.69-1 includes over a hundred vulnerabilities; however, not all of them are severe. The consequences, however, would be fatal: "If attackers are able to exploit other, previously unknown vulnerabilities in software included in Tails, they can gain full control over your Tails and deanonymize you through DSA 6126-1," the Tails programmers explain.
Vulnerabilities difficult to exploit
However, attacks are very unlikely, they emphasize. They could, however, be carried out by "strong attackers such as governments or hacking firms." The Tails maintainers are not aware of any such attacks being carried out in practice.
The new Tails version also includes the mail client Thunderbird in version 140.7.1. The programmers have resolved issues such as opening Wi-Fi settings from the Tor connection assistant. Reopening Electrum should now work again if it was not closed cleanly before. They have also corrected that the language selected and saved to a USB stick is applied in the welcome dialog.
Videos by heise
As usual, the current Tails version is available for download on the Tor website as an image for transferring to USB sticks and as an ISO image for VMs or for burning to DVDs. Those interested can carry the USB stick version with them to start a secure and protected environment for anonymous web browsing on foreign computers. This allows, for example, censorship measures to be bypassed.
Two weeks ago, the Tails maintainers released version 7.4.1. This was also an emergency update, which in particular brought the included OpenSSL library up to date 3.5.4. This corrects errors that allow attackers to inject malicious code and subsequently deanonymize users in the Tor context, the developers explained.
(dmk)
