Vulnerabilities impacting Debian and Thunderbird fixed in latest update

A new version of Tails has been released, with the maintainers of the privacy-focused Linux distribution urging users to update to protect against several security vulnerabilities.

Released yesterday (June 30), version 4.8 of Tails addresses a number of security holes in the underlying Debian operating system, including a flaw in the GnuTLS library that resulted in the creation of insecure session keys.

Other Linux bugs that have now been fixed include a use-after-free vulnerability, a privilege escalation flaw, and a code execution vulnerability.

The latest Tails release has also remedied multiple vulnerabilities in Thunderbird, which comes bundled with the OS.


BACKGROUND GnuTLS fixes ‘encryption interruptus’ security flaw


As outlined in an advisory from Mozilla, the email client vulnerabilities are all classed as ‘high impact’, and include an NSS library flaw that could force DSA signatures to leak private keys.

Heads up

Aside from addressing these known security vulnerabilities, the latest Tails update also includes a number of new features.

The ‘Unsafe Browser’ mode has been disabled by default, after it was revealed that an attacker could leverage a security vulnerability in Thunderbird to spin up a browser session and deanonymize users.


INSIGHT Tor security: Everything you need to know about the anonymity network


“Such an attack is very unlikely but could be performed by a strong attacker, such as a government or a hacking firm,” the advisory states.

Tails developers recommend that privacy-conscious users should only enable the Unsafe Browser if they need to log into a captive portal.


READ MORE Trusted access: Privacy advocates step up the fight against stalkerware