The Linux distribution Tails is aimed at all users who want to surf the Internet in the safest and anonymous way possible in a simple way.
The distribution was recently updated, with only a few weeks after its version 3.9 was released. The developers of this Linux distro found it necessary to release an update because they found some security issues on it.
The version of Tails 3.9.1 now released fixes some vulnerabilities, so the developers recommend updating as soon as possible.
Among the critical errors that were found, we can highlight those that affect the default web browser of the Tor Browser distribution and the Thunderbird email client.
This release is an emergency release to fix said critical security vulnerabilities. Which put the security of the user as well as their information at risk, with which these represent a problem to the philosophy of Tails.
About security bugs.
The vulnerability found that aaffects both Tor and Thunderbird browser, described as "CVE-2018-12385" it is a crash on TransportSecurityInfo due to cached data.
TransportSecurityInfodata cached locally in the user profile directory can trigger a potentially exploitable failure used for SSL.
This issue is only exploitable in combination with another vulnerability that allows an attacker to write data to the local cache or from locally installed malware.
And within the other vulnerabilities that can be highlighted its correction we find the one that affects Python 2.7 CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2018-1000802.
Multiple security issues were discovered in Python: ElementTree was not initializing the Expat hash's "salt" element, two denial of service issues were found in difflib and poplib, and the shutil module was affected by a command injection vulnerability .
Tails 3.9.1 updates Tor browser to version 8.0.2, which fixes two vulnerabilities in JavaScript processing.
For the same reason, the developers have also updated the Thunderbird email client to version 60.0.3.
In addition, Tails 3.9.1 fixes some minor issues.
Therefore, the encrypted VeraCrypt containers can now be opened again via the files in the Gnome file manager.
Also the help on the Gnome videos is accessible again.
In addition, the developers have fixed an issue with the stored repositories so that updating the package lists (via "sudo apt-get update") is working again.
Among the changes that we can highlight in this new correction update we find:
Security fixes
- Tor browser update to 8.0.2, based on Firefox 60.2.1
- Updated Thunderbird to 60.0-3 ~ deb9u1.0tails2
- Curl was updated to 7.52.1-5 + deb9u7
- Ghostscript arrives with its version 9.20 ~ dfsg-3.2 + deb9u5
- Update libarchive-zip-perl to 1.59-1 + deb9u1
- Update from libkpathsea6 to 2016.20160513.41080.dfsg-2 + deb9u1
- LittleCMS 2, aka. liblcms2-2, a 2.8-4 + deb9u1
- Python 2.7 was updated to 2.7.13-2 + deb9u3
- Python 3.5 upgrade to 3.5.3-1 + deb9u1
For now, the developers recommend updating as soon as possible. If you want to know more about this new bug fix release you can visit the following link.
How to upgrade to Tails 3.9.1?
If you are a user of the 3.9 version of Tails, it is necessary to update your system. The easiest way is by running update commands on the system.
To do this you must open a terminal on your system and type the following commands:
apt-get update
apt-get upgrade
apt-get dist-upgrade
Download Tails 3.9.1
Finally, if you don't have Tails installed on your computer yet and you want to download and install this anonymity-focused Linux distribution on your computer or you want to test it under a virtual machine.
You just have to go to the official website of the distribution and in its download section you can get the image of the system.
Also with detailed instructions to install this distribution along with other of the different current operating systems.