This release is an emergency release to fix a critical security vulnerability in _Tor Browser_.
It also fixes [other security vulnerabilities](https://tails.boum.org/security/Numerous_security_holes_in_3.14/). You should upgrade as soon as possible.

## Fixed arbitrary code execution in _Tor Browser_

A [critical vulnerability](https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/) was discovered in the JavaScript engine of _Firefox_ and _Tor Browser_. This vulnerability allowed a malicious website to execute arbitrary code, which means possibly taking over your browser and turning it into a malicious application.

The Firefox team has reported seeing this vulnerability being abused on the Internet but has not disclosed further details.

People using the _Safer_ or _Safest_ [security level of _Tor Browser_](https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html#security_level) are not affected because the feature of JavaScript that is affected (the _[just-in-time compilation](https://en.wikipedia.org/wiki/just%2Din%2Dtime%20compilation)_) is disabled in these security levels.

Because _Tor Browser_ in Tails is [confined using _AppArmor_](https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html#confinement), the impact of this vulnerability in Tails is less than in other operating systems. For example, an exploited _Tor Browser_ in Tails could have accessed your files in the _Tor Browser_ and _Persistent/Tor Browser_ folders but not elsewhere in your persistent storage.

A second security vulnerability (a _sandbox escape_) has been revealed in _Firefox_ and _Tor Browser_. This second vulnerability could only be used in combination with other possible vulnerabilities in _Firefox_ or _Tor Browser_, as a way to do more damage to the operating system. Because _Tor Browser_ in Tails is already confined by _AppArmor_, we think that this second vulnerability is not severe in Tails. That is why we are releasing 3.14.1 today, without waiting for a fix for this second vulnerability.

# Upgrades and changes

* Update _Tor Browser_ to [8.5.2](https://blog.torproject.org/new-release-tor-browser-852).
* Update _Tor_ to 0.4.0.5.
* Upgrade _Thunderbird_ to [60.7.0](https://www.thunderbird.net/en-US/thunderbird/60.7.0/releasenotes/).

For more details, read our [changelog](https://git-tails.immerda.ch/tails/plain/debian/changelog).

# Known issues

## Tails fails to start a second time on some computers ([#16389](https://redmine.tails.boum.org/code/issues/16389))

On some computers, after installing Tails to a USB stick, Tails starts a first time but fails to start a second time. In some cases, only BIOS (Legacy) was affected and the USB stick was not listed in the Boot Menu.

We partially fix this issue in 3.14.1 but are still investigating it, so if it happens to you, please report your findings by email to [tails- [email protected]](mailto:[email protected]). Mention the model of the computer and the USB stick. This mailing list is [archived publicly](https://lists.autistici.org/list/tails-testers.html).

To fix this issue:

1. Reinstall your USB stick using the same installation method.
2. Start Tails for the first time and [set up an administration password](https://tails.boum.org/doc/first_steps/startup_options/administration_password/index.en.html).
3. Choose Applications ▸ System Tools ▸ Root Terminal to open a Root Terminal.
4. Execute the following command:

   ```
   sgdisk --recompute-chs /dev/bilibop
   ```

You can also test an experimental image:

1. [Download the _.img_ file from our development server](https://nightly.tails.boum.org/build_Tails_ISO_bugfix-16389-recompute-chs/lastSuccessful/archive/build-artifacts/).
2. Install it using the same installation methods.

We don't provide any OpenPGP signature or other verification technique for this test image. Please only use it for testing.

See the list of [long-standing issues](https://tails.boum.org/support/known_issues/index.en.html).

# Get Tails 3.14.1

## To upgrade your Tails USB stick and keep your persistent storage

* Automatic upgrades are available from 3.13, 3.13.1, 3.13.2, and 3.14 to 3.14.1.
* If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a [manual upgrade](https://tails.boum.org/upgrade/index.en.html).

## To install Tails on a new USB stick

Follow our installation instructions:

* [Install from Windows](https://tails.boum.org/install/win/index.en.html)
* [Install from macOS](https://tails.boum.org/install/mac/index.en.html)
* [Install from Linux](https://tails.boum.org/install/linux/index.en.html)

All the data on this USB stick will be lost.

## To download only

If you don't need installation or upgrade instructions, you can directly download Tails 3.14.1:

* [For USB sticks (USB image)](https://tails.boum.org/install/download/index.en.html)
* [For DVDs and virtual machines (ISO image)](https://tails.boum.org/install/download-iso/index.en.html)

# What's coming up?

Tails 3.15 is [scheduled](https://tails.boum.org/contribute/calendar/) for July 9.

Have a look at our [roadmap](https://tails.boum.org/contribute/roadmap) to see where we are heading.

We need your help and there are many ways to [contribute to Tails](https://tails.boum.org/contribute/index.en.html) ([donating](https://tails.boum.org/donate/?r=3.14.1) is only one of them). Come [talk to us](https://tails.boum.org/about/contact/index.en.html#tails-dev)!

URL: https://tails.boum.org/news/version_3.14.1/index.en.html
