Tails 5.3.1 is out (2022-08-02)

= Announcement =

"This release is an emergency release to fix a security vulnerability in the Linux kernel.

= Changes and updates=

  • Update the Linux kernel to 5.10.127-2, which fixes CVE-2022-34918,[1] a vulnerability that allows applications in Tails to gain administration privileges.

  • For example, if an attacker was able to exploit other unknown security vulnerabilities in Tor Browser, they might then use CVE-2022-34918 to take full control of your Tails and deanonymize you.

  • This attack is very unlikely, but could be performed by a strong attacker, such as a government or a hacking firm. We are not aware of this attack being used in the wild.

  • Update Thunderbird to 91.12.0.[2]"

[1] CVE - CVE-2022-34918
[2] Thunderbird — Release Notes (91.12.0) — Thunderbird

= Changelog =

"tails (5.3.1) unstable; urgency=medium

  • Upgrade Linux to 5.10.127-2 (DSA-5191)
  • Upgrade Thunderbird to 91.12.0 (DSA-5195)

– Tails developers tails@boum.org Mon, 01 Aug 2022 23:19:49 +0000"


This might be a very stupid question, but would the exploit work to the simplicity of opening ‘unsafe browser’ and going to an IP check website or would it be complex?

You have to open the Unsafe Browser anyway to sign in at Starbucks, the library, etc. I know that doesn’t answer your question, but thought it relevant.

1 Like

I never really thought of that. Presumably it is just connecting to an internal address like to log in? Not being able to connect and use straight away would definitely decrease ability to act anonymously. Whenever I’ve tried restaurant wifi it has usually just worked upon connection but some others do require a username and password, do you have to actually ask for a username per person or does the whole place work under one name? All these added points of failure certainly make me glad to not be on public wifi like so many people suggest.

@Angular, on the Tails site, there is a page that describes what you have to do at Starbucks and the library, etc. They say to open the unsafe browser, log in there, then make sure you close the unsafe browser, then start Tor browser.
I think you can get some extra privacy and anonymity by running a VPN on a VPN Router, such as the GL I Net routers. That way, if Tor is compromised, you have some fallback protection with the VPN. From what I hear, Mullvad VPN is very good.