Whonix KVM Image Rollback?

Nole · June 17, 2023, 6:42pm

I installed Whonix KVM version 16.0.9.8 a few months ago. About 2 months or so ago, it changed to 16.0.9.0. Has there been a rollback?

I verified my installation (16.0.9.8) with PGP and compared the checksums and it it’s all good. Both gateway and workstation VMs are working normally. Now I’m confused why the version went back. Possible rollback attack?

extraextra · June 18, 2023, 4:33am

Where did you read the version number?

Patrick · June 19, 2023, 12:05pm

I don’t think there ever way any rollback ever.

If that was to ever happen, this would require a Whonix News.

Version numbers might confuse you. See:
systemcheck - Security Check Application chapter Version Numbers in Kicksecure wiki
(Whonix is based on Kicksecure.)

Note: I am not a maintainer of Whonix KVM.

Nole · June 20, 2023, 9:34pm

On the Whonix KVM page (https:// www.whonix .org/wiki/KVM#Download_Whonix_%E2%84%A2), the download link has the version number.

Nole · June 20, 2023, 9:37pm

It wasn’t the version number in the virtual machine, but the image itself. On the Whonix KVM page, the download link shows the version number. That was the version that changed.

I checked with the Kicksecure website and the same thing happened there with Kicksecure KVM (changed from 16.0.9.8 to 16.0.9.0). From what I could tell, this seems to be an issue with Whonix/Kicksecure images specific to KVM.

Patrick · June 21, 2023, 7:40am

Related wiki templates:

Looking at the history (requires any wiki account):

Indeed, image download version was reverted from 16.0.9.8 to 16.0.9.0.

This happened due to a mistake. It’s related to MultiWiki. Template:Version_KVM is a MultiWiki wiki page. When editing a MultiWiki page in Whonix wiki such as for example Template:Version_KVM it shows a warning:

Please do not edit! This is a MultiWiki slave page.

Read here how and where you should edit instead.

Or edit the master page here.

What happened:

The version number was only updated in the Whonix wiki, which was ok and good.
The update was forgotten in Kicksecure wiki.
Therefore the next MultiWiki deploy reverted to the earlier version.

Solution for KVM maintainer (easy, recommended):

Edit version in Kicksecure wiki first, then edit version in Whonix wiki.

Solution for KVM maintainer (more complicated):

Edit version in Kicksecure wiki first, then run a MultiWiki deploy.

Nole · June 21, 2023, 4:23pm

Thanks for your timely response! I’m surprised this went unnoticed for so long.

To confirm, only the version number reverted but the image is OK? I installed 16.0.9.8 from a few months ago before the revert - is it fine to keep running this or is a reinstall suggested?

Patrick · June 21, 2023, 5:54pm

To confirm, only the version number reverted but the image is OK?

This has nothing to do with the image itself. Only the link was wrong.

I installed 16.0.9.8 from a few months ago before the revert - is it fine to keep running this or is a reinstall suggested?

I don’t see any indication.