The Tails project has released version 5.17.1 of the Linux distribution for anonymous web surfing. In it, the creators essentially update the Tor browser, which is also affected by a critical security flaw in the libWebP library. Attackers are already abusing the vulnerability. Tails users should therefore quickly update their USB stick with the distribution to the latest version.
The critical security vulnerability affects the open-source library libWebP for processing Google’s WebP image format (CVE-2023-4863, no CVSS value yet, Google classifies the risk as “critical”), which, in addition to Google Chrome, also supports Firefox and Thunderbird as well as other browsers such as Bring Microsoft Edge. Mozilla closed the gap in Firefox and Thunderbird with updates last week, as did Google in Chrome. The Tor browser is based on Firefox and also includes the vulnerable library.
Tails 5.17.1: Short changelog
In the version announcement, the Tails maintainers describe Tails 5.17.1 as an emergency release to close the critical security hole in the Tor browser. It is now up to version 12.5.4, which in turn is based on Firefox ESR 102.15.1 and contains the fix for the libWebP gap. The Tor service is also getting an update to 0.4.8.5.
As usual, current images of the distribution are available for download for USB sticks on a separate download page and for DVDs and virtual machines on another website. Anyone who uses Tails should apply the update quickly.
The project released Tails 5.17 around two weeks ago. The most noticeable change was the improved printer support.
To the home page
#Anonymizing #Linux #Critical #libWebP #vulnerability #closed #Tails #5.17.1