Two kernel zero‑day fixes, two quick Tails releases, and one Tor‑backed project determined to keep its privacy‑minded users safe — this is open source security hygiene in action.
We’re starting to see the benefit of having the privacy-respecting Tails Linux distribution (also known as the amnesic incognito live system) under the same roof as the Tor Project. Yesterday Tails released Tails 7.7.3, specifically to deal with Dirty Frag, the latest Linux kernel security vulnerability. Evidently the folks behind the project figure that amnesia alone isn’t enough if you’re leaving a door open to let bad guys in.
Tails, which has been around since 2009, became part of the Tor Project in late 2024.
“This release is an emergency release to fix a critical security vulnerability in the Linux kernel, as well as security vulnerabilities in Tor Browser and in the Tor client,” Tor said on the project’s blog.
On May 4, or only eight days earlier, Tails 7.7.2 was released, specifically to deal with the Copy Fail vulnerability. This sort of quick action to deal with a security hole is actually the definition of open source done right.
The earlier release was a single‑purpose emergency release, with the only documented change being the kernel update to fix Copy Fail. Yesterday’s release — while primarily a security fix release — also updated Tor Browser to 15.0.12, Tor client to 0.4.9.8, and the Thunderbird email client to 140.10.1.
These releases were rushed out because Tails’ users are used to being safe from surveillance and other dangers while online, something these recent vulnerabilities threaten.
“For example, if an attacker was able to exploit other unknown security vulnerabilities in an application included in Tails, they might then use Copy Fail to take full control of your Tails and deanonymize you,” Tor said. “We are not aware of this vulnerability being used in practice until now.”
Tor said that Tails 7.0 to 7.7.3 users should be able to upgrade in place by using the distro’s automatic upgrade feature. Users running a Tails live USB stick should also be able to upgrade in place and keep persistent storage intact.
If an automatic upgrade fails, Tor says to reinstall manually or to create a new USB installation.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
Be First to Comment