On Wed, Feb 24, 2016 at 8:28 AM, Anonymous <nob...@remailer.paranoici.org> wrote: > hi is it safe to update these files in synaptic? > > [23 Feb 2016] DSA-3487 libssh2 - security update
This should only matter if you're ssh'ing into other hosts, tails does not run an sshd. > [19 Feb 2016] DSA-3483 cpio - security update cpio is a file archive tool, it should be safe to update live. > there's a few others, too. the updates refuse to display > a changelog, IDK why. > > there's one glibc or libc or something similar in Synaptic > which wants updating of 2 separate packages. but don't those > type of updates want a reboot? glibc, for CVE-2015-7547. It's a bug in getadddrinfo, which is what most programs use for DNS resolution. For tails, however, it is currently believed to be mitigated because DNS lookups go out over SOCKS/Tor (please, someone correct me if I'm wrong there). While glibc does need a reboot to be fully effective (any running programs are vulnerable until they load the new libc on start), it would help for any programs you launch going forward. In other words, your desktop manager may still be vulnerable, but if you launch Libreoffice after updating glibc you should be protected. > i usually backup updates and reinstall them in new Tails > session, but i want to know what is safe to d/l without > waiting for a new Tails .ISO and without upgrading a usb. You should always update Tails whenever updates are released rather than updating packages by hand as you find out about them. -- -Austin _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.