Numerous_security_holes_in_0.20.1.mdwn 890 Bytes
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[[!meta date="Fri Oct 25 00:00:00 2013"]]
[[!meta title="Numerous security holes in Tails 0.20.1"]]

[[!tag security/fixed]]

Several security holes affect Tails 0.20.1.

We **strongly** urge you to [[upgrade to Tails 0.21|news/version_0.21]]
as soon as possible in case you are still using an older version.

Details
=======

 - Tails:
   - An attacker able to run arbitrary code as the desktop user could
     obtain the public IP.
   - An attacker able to run arbitrary code as the desktop user could
     leverage this feature to gain persistent root access, as
    long as persistence was enabled.
 - Iceweasel:
Tails developers's avatar
Tails developers committed
21
22
23
24
25
26
   - [[!mfsa2013 93]]
   - [[!mfsa2013 95]]
   - [[!mfsa2013 96]]
   - [[!mfsa2013 98]]
   - [[!mfsa2013 100]]
   - [[!mfsa2013 101]]
27
28
29
30
 - GnuPG: [[!debsa2013 2773]]
 - libxml2: [[!debsa2013 2779]]
 - python-crypto: [[!debsa2013 2781]]
 - python-openssl: [[!debsa2013 2763]]