Whonix VirtualBox 14.0.1.3.8 - Point Release

This is a point release.

Debian APT remote code execution vulnerability DSA 4371-1 is fixed in this version. Therefore, special instructions for upgrading are not required. The usual standard (“everyday”) upgrading instructions should be applied.


Download Whonix for VirtualBox:

@Patrick. I notice that the onion repositories are commented out of the various /etc/apt/sources.list.d/* files. Is this by design or accidental?

By design.

https://forums.whonix.org/t/disable-onions-by-default-due-to-unreliability/6650

I followed the “special instructions for upgrading” on a previous VBox-XFCE release (both on the Gateway and Workstation).

Now I want to add another Workstation, I will use 14.0.1.3.8 for that. I prefer not to change my Gateway VM at this time. Should I expect any issues?

Hi yirgit

You’re referring to using 2 different point releases, e.g. a Whonix Workstation 14.0.1.3.8 VM and Whonix Gateway 14.0.0.9.3?

Don’t worry about it. If you updated your older point release Whonix-Gateway VM, it will already be updated to 14.0.1.3.8.

sudo apt-get update && sudo apt-get dist-upgrade

https://whonix.org/wiki/Operating_System_Software_and_Updates#Standard_Upgrade_Steps

Note: For future reference. You should never use VMs from different releases, e.g. a Whonix-Gateway-13 VM and a Whonix-Workstation-14 VM.

https://whonix.org/wiki/Operating_System_Software_and_Updates#End-of-life_Software

Yes.

When I type

cat /var/lib/anon-dist/build_version

It shows 14.0.0.9.6

That will not change when you update the VM. Think of that as just a number. What matters is you updated the packages.

Whonix Build Version:
systemcheck - Security Check Application

btw, clipboard is set to “bidirectional” on gateway and workstation with this point release.

Wasn’t it the case with the previous point release as well?

I think the default, at least at the Gateway, should be a disabled clipboard. Most users will not need to do anything on the Gateway ever apart from running apt-get updates or launching Onion Circuits. It is fair that advanced modifications require VirtualBox settings modifications as well.

I also noticed that the default option in “Close Virtual Machine” is “Save the machine state” rather than “Power off the machine”. Is this intended?

sheep via Whonix Forum:

> Wasn’t it the case with the previous point release as well?

It indeed was.

> I think the default, at least at the Gateway, should be a disabled clipboard. Most users will not need to do anything on the Gateway ever apart from running apt-get updates or launching Onion Circuits. It is fair that advanced modifications require VirtualBox settings modifications as well.

Useful for copying bridges or other config (onion services…) to the gateway. Otherwise major usability hassle.

On

in footnote we say:

“Since Whonix-Gateway is not supposed to be used as a workstation. No internet facing client application are being used there. Whatever “leaked” to Whonix-Gateway stays there and since conceptually users do not use browsers or similar on Whonix-Gateway, it cannot leak anywhere.”

> I also noticed that the default option in “Close Virtual Machine” is “Save the machine state” rather than “Power off the machine”. Is this intended?

No. But may also most likely not be possible to modify by using a VirtualBox ova file since that may be a global VirtualBox rather than VirtualBox VM specific setting.

Personally I prefer having the strictest possible settings as default, as long as it’s not a hassle to revise them when necessary. In this case I will disable the clipboard on the Gateway, and if I need to copy bridges etc. it will take me a few seconds to change it in VirtualBox. When the task is done, I will disable it again. Leaks - my concern is more regarding a leak in the other direction - from the gateway to the workstation / host. For example IP / onion circuit details / private keys of onion services. I don’t know how likely it is for those to get into the clipboard by mistake or carelessness, but since the cost of switching it back and forth is minimal…

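Added example, not part of the forum posts and not Whonix's own tooling: a host-side check of the clipboard setting discussed above, parsing the output of `VBoxManage showvminfo <vm> --machinereadable`. The VM names passed as arguments and the sample output embedded below are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report the shared-clipboard mode of VirtualBox VMs from the host.
# Usage (VM names are assumptions): ./clipboard-audit.sh Whonix-Gateway Whonix-Workstation

# Read `VBoxManage showvminfo <vm> --machinereadable` output on stdin and
# print the clipboard mode, or "unknown" if the key is absent.
clipboard_mode() {
    mode=$(sed -n 's/^clipboard="\([^"]*\)".*/\1/p' | head -n 1)
    printf '%s\n' "${mode:-unknown}"
}

# Succeeds only when nothing can cross the clipboard in either direction.
clipboard_is_strict() {
    [ "$1" = "disabled" ]
}

# Audit one VM by name and print an OK/WARN line.
audit_vm() {
    mode=$(VBoxManage showvminfo "$1" --machinereadable | clipboard_mode)
    if clipboard_is_strict "$mode"; then
        echo "OK    $1: clipboard=$mode"
    else
        # To tighten: VBoxManage modifyvm "$1" --clipboard disabled
        # (the option is named --clipboard-mode from VirtualBox 6.1 on)
        echo "WARN  $1: clipboard=$mode"
    fi
}

# Constructed sample of machine-readable output, used when VBoxManage is absent.
sample_vminfo() {
cat <<'EOF'
name="Whonix-Gateway"
ostype="Debian (64-bit)"
clipboard="bidirectional"
draganddrop="disabled"
EOF
}

if command -v VBoxManage >/dev/null 2>&1; then
    for vm in "$@"; do audit_vm "$vm"; done
else
    echo "sample: clipboard=$(sample_vminfo | clipboard_mode)"
fi
```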
Maybe I missed it in my searching. Is bidirectional clipboard enabled intentionally or is this an accident/bug?

Intentional.

I can see the reasoning. Not having usability would be a nightmare for first time Whonix/Linux users. Is there other functionality that would be helpful to have for first time users?

If you can think of anything that needs to be documented (e.g. enable $this VirtualBox functionality/utility) or should be included by default, please add to:

https://forum.whonix.org/t/whonix-can-become-a-distribution-targeting-first-time-linux-users/7050
