Emergency Tails 7.4.1 update patches critical OpenSSL flaws that could let malicious Tor relays deanonymize users.
Just a little over two weeks after the January 14 release of Tails 7.4, the first minor point release — Tails 7.4.1 — drops as an emergency update.
If you’re a Tails user and you’re thinking that this update is coming a bit too soon, I would advise you not to skip this release, which updates the OpenSSL library to version 3.5.4, a security release addressing critical vulnerabilities. In short, malicious Tor relays could use the vulnerabilities to deanonymize users, which sort of defeats the purpose of using the distro, given that anonymization is its main reason for being.
Tails, or The Amnesic Incognito Live System, is a Debian-based distro with a strong focus on protecting its users against surveillance and censorship. I’ve been known to call it the anti-Cheers distro, because when you’re using it you’re in a space where nobody knows your name. It’s designed to run live from a thumb drive and uses the Tor browser for travelling the web.
The distro started life in 2009 as an independent project. In September 2024 it merged to become part of the Tor Project, a marriage that makes sense since Tails relies heavily on the Tor Client, the background service that connects to the Tor network for safe internet transit, and the Tor Browser, a Firefox-based browser that uses that client for all web traffic.
In addition to including the OpenSSL library fix, Tails 7.4.1 also updates the Tor client to version 0.4.8.22 and the Thunderbird email client to version 140.7.0. Also, there’s a Gmail authentication fix, and a spinning icon has been added to indicate when Tails is in the process of making a Wi-Fi connection.
Tails 7.4.1 is available for download from the Tails website as ISO and USB images for 64-bit systems.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
Be First to Comment