The Tails project has released version 5.17.1 of the Linux distribution for anonymous web surfing. In it, the creators essentially update the Tor browser, which is also affected by a critical security flaw in the libWebP library. Attackers are already abusing the vulnerability. Tails users should therefore quickly update their USB stick with the distribution to the latest version.
Advertisement
The critical vulnerability affects the open source library libWebP for processing Google’s WebP image format (CVE-2023-4863, no CVSS value yet, Google classification of the risk “critical“), which, in addition to Google Chrome, also bring Firefox and Thunderbird as well as other browsers such as Microsoft Edge. Mozilla closed the gap in Firefox and Thunderbird with updates last week, as did Google in Chrome. The Tor browser is based on Firefox and brings the vulnerable library also included.
Tails 5.17.1: Short changelog
Refer to the Tails maintainers in the Tails 5.17.1 release announcement as an emergency release to close the critical security vulnerability in the Tor browser. It is now up to version 12.5.4, which in turn is based on Firefox ESR 102.15.1 and contains the fix for the libWebP gap. The Tor service is also getting an update to 0.4.8.5.
As usual, current images of the distribution are available for USB sticks on their own download page also for DVDs and virtual machines on another website ready to download. Anyone who uses Tails should apply the update quickly.
The project released Tails 5.17 around two weeks ago. The most noticeable change was the improved printer support.
(dmk)