Tails staat voor The amnesic incognito live system en is een live Linux-distributie die zich richt op privacy en anonimiteit. Als basis maakt het gebruik van Debian GNU/Linux en het voegt daar een Gnome-omgeving met Tor, Tor Browser, Pidgin, Thunderbird, Electrum, LibreOffice, GPG en KeePassXC aan toe. Voor meer informatie verwijzen we naar deze pagina. Versie 5 is op Debian 11 gebaseerd en onder meer OpenPGP is vervangen door Kleopatra. In versie 5.19.1 is Tor bijgewerkt naar een nieuwere versie om zo een beveiligingsprobleem te verhelpen.
Changes and updatesFor more details, read our changelog. See the list of long-standing issues.
- Update the Tor client to 0.4.8.9, which fixes the TROVE-2023-006 vulnerability.
The details of TROVE-2023-006 haven't been disclosed by the Tor Project to leave time for users to upgrade before revealing more. We only know that the Tor Project describes TROVE-2023-006 as a "remote triggerable assert on onion services". Our team thinks that this vulnerability could affect Tails users who are creating onion services from their Tails, for example when sharing files or publishing a website using OnionShare.
This vulnerability might allow an attacker who already knows your OnionShare address to make your Tor client crash. A powerful attacker might be able to further exploit this crash to reveal your IP address. This analysis is only a hypothesis because our team doesn't have access to more details about this vulnerability. Still, we are releasing this emergency release as a precaution.OnionShare is the only application included in Tails that creates onion services. You are not affected by this vulnerability if you don't use OnionShare in Tails and only use Tails to connect to onion services and don't create onion services using Additional Software. More details about TROVE-2023-006 will be available on the Tor issue #40883 sometime after the release.
:fill(white):strip_exif()/i/2005085794.jpeg?f=thumbmedium)