Re: [Tails-dev] Bash & NSS & more? Is it safe to update in c…

Delete this message

Reply to this message
Autore: anonym
Data:  
To: The Tails public development discussion list
Oggetto: Re: [Tails-dev] Bash & NSS & more? Is it safe to update in current TAILS with each reboot?
01/10/14 07:22, Sylvester Duin wrote:
> I can see there are new updates for bash and NSS packages.


Tails 1.1.2 fixes the most severe of the bash issues (CVE-2014-6271 [1],
but not CVE-2014-7169 [2]), and NSS is fixed for the web browser, but
for the system-wide NSS package it isn't, so e.g. pidgin is potentially
affected (yes, Tails unfortunately has two separate NSS versions for
various reasons). The situation got a bit strange since we didn't have
the best timing when we prepared the unplanned 1.1.2 emergency release.

[1] https://security-tracker.debian.org/tracker/CVE-2014-6271
[2] https://security-tracker.debian.org/tracker/CVE-2014-7169

> Is it safe
> to update in current TAILS with each reboot in Synaptic or with
> apt-get?


In this instance, yes.

> How am I to determine which packages are safe to update per session
> without breaking something in the TAILS design? Thank you for your
> dedication to TAILS.


That's a hard question in general. Packages that we patch (that have
+tails in their version) could lose crucial fixes if you upgrade them to
Debian's version. Still, the vast majority of packages should be safe to
upgrade but don't take that as a free pass to always do it. Sorry for
the not-so-helpful answer. :)

Cheers!