Pipe DC84 TAILS Linux 1.4.1 is out (July 3, 2015)

TAILS Linux 1.4.1 is out (July 3, 2015)

by
Anonymous Coward
in security on (#DC84)
# Tails is a live system that aims to preserve your privacy and anonymity.
It helps you to use the Internet anonymously and circumvent censorship almost
anywhere you go and on any computer but leaving no trace unless you ask it to
explicitly.

# It is a complete operating system designed to be used from a DVD, USB stick, or SD
card independently of the computer's original operating system. It is Free Software
and based on Debian GNU/Linux.

# Tails comes with several built-in applications pre-configured with security in
mind: web browser, instant messaging client, email client, office suite, image and
sound editor, etc. - https://tails.boum.org/about/index.en.html

# Tails, The Amnesic Incognito Live System, version 1.4.1, is out.

https://tails.boum.org/news/version_1.4.1/index.en.html
https://twitter.com/Tails_live/status/616921891102715904

# Check first the about and warning pages to make sure that Tails is the right tool
for you and that you understand well its limitations.

https://tails.boum.org/about/index.en.html
https://tails.boum.org/doc/about/warning/index.en.html

# This release fixes numerous security issues and all users must upgrade as soon as
possible.

https://tails.boum.org/download/index.en.html
https://tails.boum.org/doc/first_steps/upgrade/index.en.html

- Home:
https://tails.boum.org/

- Changelog[1]:
https://git-tails.immerda.ch/tails/plain/debian/changelog

- Transition to a new OpenPGP signing key:
# Tails transitioned to a new signing key in Tails 1.3.1.

https://tails.boum.org/news/signing_key_transition/index.en.html
(direct download) https://tails.boum.org/tails-signing.key

# If you're not sure what the cryptographic signature is, please
# read the part on verifying the ISO image.

https://tails.boum.org/download/index.en.html#verify

- Numerous security holes in Tails 1.4:
https://tails.boum.org/security/Numerous_security_holes_in_1.4/index.en.html

- Download:
https://tails.boum.org/download/index.en.html

= Direct Download - Latest Release - 1.4.1 ISO image:
http://dl.amnesia.boum.org/tails/stable/tails-i386-1.4.1/tails-i386-1.4.1.iso

= Direct Download - Cryptographic Signature:
https://tails.boum.org/torrents/files/tails-i386-1.4.1.iso.sig

= SHA256 checksum for ISO/Direct Download:
c7bf55250ca7a7ad897fd219af6ef3d4768be54fb3e2537abb3da8f7f4ed8913

! Verify the ISO image:
https://tails.boum.org/download/index.en.html#index3h1

= BitTorrent download:
https://tails.boum.org/torrents/files/tails-i386-1.4.1.torrent

= BitTorrent Cryptographic signature:
# The cryptographic signature of the ISO image is also included in the Torrent.
Additionally, you can verify the signature of the Torrent file itself before
downloading the ISO image.

https://tails.boum.org/torrents/files/tails-i386-1.4.1.torrent.sig

# "Seed back! Seeding back the image once you have downloaded it is also a nice and
easy way of helping spread Tails."

- The Tails-dev Archives (TAILS development mailing list):
https://mailman.boum.org/pipermail/tails-dev/

- Contributing to Tails
https://tails.boum.org/contribute/index.en.html

- Known issues (Please read if you're experiencing issues!):
https://tails.boum.org/support/known_issues/index.en.html

- Create and use encrypted volumes
https://tails.boum.org/doc/encryption_and_privacy/encrypted_volumes/index.en.html

- TAILS @ Distrowatch:
http://distrowatch.com/tails

- TAILS @ Reddit:
http://reddit.com/r/tails

- TAILS @ Twitter:
https://twitter.com/tails_live

- TAILS Chat (IRC)
https://tails.boum.org/support/chat/

- Optional Reading Material for July 2015 regarding Tor:
Technical and Legal Overview - Tor Anonymity Network
by: CCDCOE - NATO Cooperative Cyber Defence
Centre of Excellence Tallinn, Estonia (2015)

(direct download PDF): http://cryptome.org/2015/07/TOR_Anonymity_Network.pdf

[1] Changelog:

tails (1.4.1) unstable; urgency=medium

* Security fixes
- Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649)
- Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+tails2, which includes a circuit
isolation bugfix. (Closes: #9560)
- AppArmor: deny Tor Browser access to the list of recently used files.
(Closes: #9126)
- Upgrade OpenSSL to 1.0.1e-2+deb7u17.
- Upgrade Linux to 3.16.7-ckt11-1.
- Upgrade CUPS to 1.5.3-5+deb7u6.
- Upgrade FUSE to 2.9.0-2+deb7u2.
- Upgrade libsqlite3-0 to 3.7.13-1+deb7u2.
- Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2.
- Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1.

* Bugfixes
- Fix automatic upgrades in Windows Camouflage mode. (Closes: #9413)
- Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO.
(Closes: #9416)
- Partially fix the truncated notifications issue. (#7249)

* Minor improvements
- Disable the hwclock.sh initscript at reboot/shutdown time.
This is an additional safety measure to ensure that the hardware clock
is not modified. (Closes: #9364)
- Stop shipping /var/cache/man/*, to make ISOs and IUKs smaller.
(Closes: #9417)
- Update torbrowser-AppArmor-profile.patch to apply cleanly on top of the
profile shipped with torbrowser-launcher 0.2.0-1.
- Add the jessie/updates APT repo and set appropriate pinning.
- Upgrade Electrum to 1.9.8-4~bpo70+1.
- Upgrade kernel firmware packages to 0.44.

* Build system
- Install the Linux kernel from Debian Jessie. (Closes: #9341)
- Remove files that are not under version control when building in Jenkins.
(Closes: #9406)
- Don't modify files in the source tree before having possibly merged
the base branch into it. (Closes: #9406)
- Make it so eatmydata is actually used during a greater part of the build
process. This includes using eatmydata from wheezy-backports.
(Closes: #9419, #9523)
- release script: adjust to support current Debian sid.

* Test suite
- Test the system clock sanity check we do at boot. (Closes: #9377)
- Remove the impossible "Clock way in the past" scenarios.
Thanks to config/chroot_local-includes/lib/live/config/0001-sane-clock,
these scenarios cannot happen, and since we test that it works they
can be safely removed.
- Test that the hardware clock is not modified at shutdown. (Closes: #9557)
- Pidgin: retry looking for the roadmap URL in the topic.
- Avoid showing Pidgin's tooltips during test, potentially confusing Sikuli.
(Closes: #9317)
- Test all OpenPGP keys shipped with Tails. (Closes: #9402)
- Check that notification-daemon is running when looking for notifications
fails. (Closes: #9332)
- Allow using the cucumber formatters however we want. (Closes: #9424)
- Enable Spice in the guest, and blacklist the psmouse kernel module,
to help with lost mouse events. (Closes: #9425)
- Automate testing Torbutton's 'New Identity' feature. (Closes: #9286)
- Test that Seahorse is configured to use the correct keyserver.
(Closes: #9339)
- Always export TMPDIR back to the test suite's shell environment.
(Closes: #9479)
- Make OpenPGP tests more reliable:
· Retry accessing the OpenPGP applet menus on failure. (Closes: #9355)
· Retry accessing menus in Seahorse on failure. (Closes: #9344)
- Focus the Pidgin conversation window before any attempt to interact
with it. (Closes: #9317)
- Use convertkey from the (backported to Jessie) Debian package,
instead of our own copy of that script. (Closes: #9066)
- Make the memory erasure tests more robust (Closes: #9329):
· Bump /proc/sys/vm/min_free_kbytes when running fillram.
· Actually set oom_adj for the remote shell when running fillram.
· Try to be more sure that we OOM kill fillram.
· Run fillram as non-root.
- Only try to build the storage pool if TailsToasterStorage isn't found.
(Closes: #9568)

-- Tails developers Sun, 28 Jun 2015 19:46:25 +0200
score 0
  • Closed (Not written, not notable)
Reply 0 comments