The Tails Project released a new version of the security-focused Tails Linux distribution and advises users to upgrade as soon as possible to fix multiple security vulnerabilities impacting the previous Tails 4.1.1 version.
Tails (short for The Amnesic Incognito Live System) is a Linux distro focused on guarding its users’ anonymity and help them circumvent censorship by forcing all Internet connections through the Tor network.
The new Tails 4.2 version also comes with important improvements to its automatic upgrade feature, new command-line tools for SecureDrop users “to analyze the metadata of leaked documents on computers that cannot use the Additional Software feature”, and some additional updates.
Patched security vulnerabilities
Tails 4.2 fixes a long list of security issues affecting multiple components and all users are recommended to upgrade to this new release as soon as possible.
The security vulnerabilities patched in today’s release are linked below:
• Thunderbird: No MFSA published.
• Linux: CVE-2019-19602, CVE-2019-18811, CVE-2019-18660, CVE-2019-15291, CVE-2019-18683, CVE-2019-15099, CVE-2019-19524, CVE-2019-19051, CVE-2019-19047, CVE-2019-19045, CVE-2019-19534, CVE-2019-19529, CVE-2019-19052
• Cyrus SASL: Debian Security Advisory 4591
• Python ECDSA: Debian Security Advisory 4588
Automatic upgrades to Tails 4.2 are available from the 4.0, 4.1, and 4.1.1 versions, but you should manually upgrade using the following guides “if you cannot do an automatic upgrade or if the system fails to start afterward.
To manually upgrade you can use these guides, provided by the Tails team:
• macOS: https://tails.boum.org/upgrade/mac-overview/
• Linux: https://tails.boum.org/upgrade/linux-overview/
Automatic upgrades improvements
The Tails Project enhanced the automatic upgrade feature with the release of Tails 4.2. From now on, you can upgrade from all previous versions to the latest version.
“Until now, if your version of Tails was several months old, you sometimes had to do 2 or more automatic upgrades in a row,” the dev team says. “For example, to upgrade from Tails 3.12 to Tails 3.16, you first had to upgrade to Tails 3.14.”
In addition, you will only have to do manual upgrades between major Tails versions as is the case when you’ll have to upgrade to Tails 5.0 after its next year’s release.
“Until now, you could only do a limited number of automatic upgrades, after which you had to do a much more complicated ‘manual’ upgrade,” the developers add.
As a bonus, automatic upgrades now also use less memory and the download sizes have been optimized to make it faster to get updates.
Tails 4.2 also updates the Tor Browser to 9.0.3, the Thunderbird email client to 68.3.0, and the Linux kernel to the 5.3.15 version released on December 5, 2019.
According to the development team, the Tails 4.3 version is scheduled for release on February 11 and it should be a bugfix release.