This release is an emergency release to fix a critical security vulnerability
in _Tor Browser_.
It also fixes [other security
vulnerabilities](
https://tails.boum.org/security/Numerous_security_holes_in_3.14/).
You should upgrade as soon as possible.
## Fixed arbitrary code execution in _Tor Browser_
A [critical vulnerability](
https://www.mozilla.org/en-
US/security/advisories/mfsa2019-18/) was discovered in the JavaScript engine
of _Firefox_ and _Tor Browser_. This vulnerability allowed a malicious website
to execute arbitrary code, which means possibly taking over your browser and
turning it into a malicious application.
The Firefox team has reported seeing this vulnerability being abused on the
Internet but has not disclosed further details.
People using the _Safer_ or _Safest_ [security level of _Tor
Browser_](
https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html#security_level)
are not affected because the feature of JavaScript that is affected (the
_[just-in-time
compilation](
https://en.wikipedia.org/wiki/just%2Din%2Dtime%20compilation)_)
is disabled in these security levels.
Because _Tor Browser_ in Tails is [confined using
_AppArmor_](
https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html#confinement),
the impact of this vulnerability in Tails is less than in other operating
systems. For example, an exploited _Tor Browser_ in Tails could have accessed
your files in the _Tor Browser_ and _Persistent/Tor Browser_ folders but not
elsewhere in your persistent storage.
A second security vulnerability (a _sandbox escape_) has been revealed on
_Firefox_ and _Tor Browser_. This second vulnerability could only be used by
other possible vulnerabilities in _Firefox_ or _Tor Browser_ as a way to do
more damage to the operating system. Because in Tails, _Tor Browser_ is
already confined by _AppArmor_, we think that this second vulnerability is not
severe in Tails. That is why, we are releasing 3.14.1 today, without waiting
for a fix for this second vulnerability.
# Upgrades and changes
* Update _Tor Browser_ to [8.5.2](
https://blog.torproject.org/new-release-tor-browser-852).
* Update _Tor_ to 0.4.0.5.
* Upgrade _Thunderbird_ to [60.7.0](
https://www.thunderbird.net/en-US/thunderbird/60.7.0/releasenotes/).
For more details, read our [changelog](
https://git-
tails.immerda.ch/tails/plain/debian/changelog).
# Known issues
## Tails fails to start a second time on some computers
([#16389](
https://redmine.tails.boum.org/code/issues/16389))
On some computers, after installing Tails to a USB stick, Tails starts a first
time but fails to start a second time. In some cases, only BIOS (Legacy) was
affected and the USB stick was not listed in the Boot Menu.
We partially fix this issue in 3.14.1 but are still investigating it, so if it
happens to you, please report your findings by email to [tails-
testers@???](
mailto:tails-testers@boum.org). Mention the model of the
computer and the USB stick. This mailing list is [archived
publicly](
https://lists.autistici.org/list/tails-testers.html).
To fix this issue:
1. Reinstall your USB stick using the same installation method.
2. Start Tails for the first time and [set up an administration password](
https://tails.boum.org/doc/first_steps/startup_options/administration_password/index.en.html).
3. Choose Applications ▸ System Tools ▸ Root Terminal to open a Root Terminal.
4. Execute the following command:
sgdisk --recompute-chs /dev/bilibop
You can also test an experimental image:
1. [Download the _.img_ file from our development server](
https://nightly.tails.boum.org/build_Tails_ISO_bugfix-16389-recompute-chs/lastSuccessful/archive/build-artifacts/).
2. Install it using the same installation methods.
We don't provide any OpenPGP signature or other verification technique for
this test image. Please only use it for testing.
See the list of [long-standing
issues](
https://tails.boum.org/support/known_issues/index.en.html).
# Get Tails 3.14.1
## To upgrade your Tails USB stick and keep your persistent storage
* Automatic upgrades are available from 3.13, 3.13.1, 3.13.2, and 3.14 to 3.14.1.
* If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a [manual upgrade](
https://tails.boum.org/upgrade/index.en.html).
## To install Tails on a new USB stick
Follow our installation instructions:
* [Install from Windows](
https://tails.boum.org/install/win/index.en.html)
* [Install from macOS](
https://tails.boum.org/install/mac/index.en.html)
* [Install from Linux](
https://tails.boum.org/install/linux/index.en.html)
All the data on this USB stick will be lost.
## To download only
If you don't need installation or upgrade instructions, you can directly
download Tails 3.14.1:
* [For USB sticks (USB image)](
https://tails.boum.org/install/download/index.en.html)
* [For DVDs and virtual machines (ISO image)](
https://tails.boum.org/install/download-iso/index.en.html)
# What's coming up?
Tails 3.15 is [scheduled](
https://tails.boum.org/contribute/calendar/) for
July 9.
Have a look at our [roadmap](
https://tails.boum.org/contribute/roadmap) to see
where we are heading to.
We need your help and there are many ways to [contribute to
Tails](
https://tails.boum.org/contribute/index.en.html)
([donating](
https://tails.boum.org/donate/?r=3.14.1) is only one of them).
Come [talk to us](
https://tails.boum.org/about/contact/index.en.html#tails-
dev)!
URL:
https://tails.boum.org/news/version_3.14.1/index.en.html
_______________________________________________
amnesia-news mailing list
amnesia-news@???
https://www.autistici.org/mailman/listinfo/amnesia-news
To unsubscribe from this list, send an email to amnesia-news-unsubscribe@???.