SoylentNews

janrinok writes:

Patches are ready for IP2, the vulnerable component in Tails, but it's not clear when Tails will update.

Tails [boum.org], a portable operating system that employs a host of privacy-focused components, plans to patch flaws contained in I2P, a networking tool developed by the Invisible Internet Project that provides greater anonymity when browsing. It's similar in concept to Tor.

On Saturday, I2P developers released several fixes for XSS (cross-site scripting) and remote execution flaws found by Exodus Intelligence, a vulnerability broker that irked some by announcing first on Twitter it knew of flaws but didn't immediately inform Tails.

The IT World article continues: [itworld.com]

On Friday, Tails advised that users can take steps to protect themselves in the meantime. It recommended that I2P not be intentionally launched in Tails version 1.1 and earlier. Luckily, I2P is not launched by default when Tails is started. But Tails warned that an attacker could use some other undisclosed security holes to launch Tails and then try to de-anonymize a user. To be sure that doesn't happen, the I2P software package should be removed when Tails is launched.

---

Original Submission