Whonix KVM 15.0.0.4.9 - Point Release

This is a point release. See changelog below for more info.

Download:

In-place release upgrade is NOT recommended for this version. Settings on the host have been markedly changed and you should replace the current machines and virtual networks with updated ones.

For more info about network changes see: http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/important-whonix-kvm-network-settings-changes/7269/3

Follow the updated istall instructions on the wiki to import the new settings.

KVM Notable Changes:

• Command line control of KVM VMs now supported: Whonix ™ for KVM
• Microphone disabled by default
• Switched RNG to /dev/urandom
• pvspinlock enabled

Notable Changes:

• Bumped base Debian packages to 10.1

• Updated theme to a more modern look

• tb-starter prompts for high security slider on first run

• Mostly same as http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/whonix-virtualbox-15-0-0-3-9-testers-wanted-stronger-linux-user-account-isolation-and-more-hardening/7898 but http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/change-default-umask/7416 removed and replaced with better solution permission lockdown (linux pam based).

• tb-starter bug fixed.

• Upgraded Hardened Malloc to version 2 and switched to compile with clang rather than gcc as per upstream preference.

• msgcollector mount option hardening

• Bluetooth is blacklisted to reduce attack surface.

• Requires every module to be signed before being loaded. Any module that isunsigned or signed with an invalid key cannot be loaded. This makes it harder to load a malicious module.

• Abort login for users with locked passwords [security-misc]

• informational output during Linux PAM [security-misc]

  • Show failed and remaining password attempts.
    to read and write to newly created files.
  • Document unlock procedure if Linux user account got locked.
  • Point out, that there is no password feedback for su.
  • Explain locked (root) account if locked.

• remove system.map after kernel upgarde

• abort login without asking for password if it will fail anyhow

• http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/apt-get-error-e-repository-tor-https-cdn-aws-deb-debian-org-debian-security-buster-updates-inrelease-changed-its-suite-value-from-testing-to-stable/7704 fixed

Full difference of all changes:

https://github.com/Whonix/Whonix/compare/15.0.0.3.9-developers-only...15.0.0.4.9-developers-only

This release would not have been possible without the numerous supporters of Whonix!

Please Donate!

Hm perhaps redownload the archive and not be so quick to delete it the next time?

Doesn’t address the original issue. Likely the same would happen again.

Not clear to me if last release worked but point release has this issue.