Anonymizing Linux Tails: Emergency update 7.7.3 fixes DirtyFrag vulnerability
The anonymizing Linux Tails has been released as the next emergency update in version 7.7.3. It closes the DirtyFrag vulnerability.
Tails 7.7.3 is another emergency update.
(Image: heise medien)
Tails, the Linux distribution designed for anonymous web browsing, has received another emergency update. It primarily closes the DirtyFrag privilege escalation vulnerability in the Linux kernel. NAS manufacturers like Qnap and Synology have also investigated and are partly working on similar updates.
Anyone using Tails, for example on a USB stick, to boot from different computers and browse the web anonymously should quickly apply the now available update. According to the version announcement, the update to Tails 7.7.3 specifically closes the Linux kernel vulnerability known as “DirtyFrag” that became public last week. This allows local attackers or apps to gain root privileges. If attackers exploit another, previously unknown security vulnerability in Tails, they can misuse “Copy Fail” to gain control over Tails and deanonymize users, they explain – “Copy Fail” was a similarly structured privilege escalation vulnerability that also led to the discovery of “DirtyFrag”.
The Tails maintainers explicitly state that they are not aware of any misuse of the vulnerability in Tails in the wild so far. They also take the opportunity to update core components: the Tor Browser is included in version 15.0.12, the Tor client in version 0.4.9.8, and Thunderbird is at version 140.10.1. As always, images for USB sticks and ISO images for DVDs or for use in VMs are available for download.
Videos by heise
“DirtyFrag” fixes are rolling in
Tails is not the only one delivering an update to close the recently disclosed Linux kernel vulnerabilities. NAS provider Qnap is currently investigating which devices and software versions are vulnerable and announcing updates. According to them, most Qnap operating systems are vulnerable to one part of “DirtyFrag” (CVE-2026-43284) but not to the second, which has now received its own CVE ID (CVE-2026-43500). In the announcement, Qnap writes that there is no official kernel patch. This is not entirely true; for the first part, there are commits in the source code to fix the problem. Until Qnap releases updates, administrators should restrict shell access, only install trusted containers, and disable unused services, for example.
Synology has also investigated which devices are vulnerable to “DirtyFrag” and therefore require updates. The Synology developers write that no product from their company is affected by the Linux kernel vulnerabilities CVE-2026-43284 or CVE-2026-43500.
(dmk)
