The privacy-oriented operating system, Tails, has been bumped to version 3.4. The update comes with Linux kernel 4.14.12 which fixes the Meltdown vulnerability and partially mitigates the Spectre bug. The new release also fixes issues in several pieces of software including OpenSSL and Enigmail, both tools important to security.
Despite the Spectre attack not being fully patched, Tails 3.5 is due for release on January 23rd after a new version of Firefox comes out. There’s a chance that release could ship with a total elimination of the Spectre vulnerability but this hasn’t been confirmed.
The update comes with several other fixes, they include an issue that made Tails start very slowly, especially from a DVD; downloaded Debian packages won’t be deleted after installing them, this affects users of the APT Packages persistence feature; the issue which prevented some Debian packages from installing properly with the additional software feature has been fixed; and uBlock Origin has been updated to restore its icon in Tor Browser and make the settings dashboard work again.
There are two known issues with Tails 3.4, firstly the graphical splash screen that’s displayed during Tails startup quickly disappears and gets replaced by “garbled text messages” including one which says “kernel BUG”; these messages, despite being alarming, do not affect your safety. Secondly, an issue in the Tor Browser means that documentation shipped with Tails doesn’t open in Tor Browser anymore. Additionally, the notes say that the warning page of the Unsafe Browser lacks a graphical design.
Automatic upgrades are available from Tails 3.2 and 3.3; if you run either of these on a USB device you’ll be alerted, once connected to the internet, that an update is available, although it could take a long time to upgrade. You can also download the release manually and do a clean install following the guide on the Tails website.