Today we are announcing the release of SecureDrop 0.4.4. This is a hotfix release that fixes a security vulnerability in which, during initial provisioning of the SecureDrop servers, three packages (tor, ntp, and the Tor keyring) are installed without verifying their cryptographic signatures. Because these packages are fetched over HTTP, an attacker with network access who is able to man-in-the-middle (MitM) the connection to the apt server could gain remote code execution on the SecureDrop servers. This vulnerability was found during internal code review, and there are no signs of active exploitation. See our recent blog post for more information.
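As an added illustration (not SecureDrop's own code, which this announcement does not show), the following Python script flags the apt settings that would let a host install packages without signature verification, the condition behind this advisory. The sources.list and apt.conf text it scans is constructed sample input; the option names are standard apt configuration keys.

```python
import re

# Real apt settings that disable signature verification when set to a true
# value; the repository-level form is the [trusted=yes] option on a deb line.
_TRUSTED = re.compile(r"\[[^\]]*\btrusted=yes\b[^\]]*\]")
_UNSAFE_CONF = re.compile(
    r'^\s*(APT::Get::AllowUnauthenticated|Acquire::AllowInsecureRepositories'
    r'|Acquire::AllowDowngradeToInsecureRepositories)\s+"?(true|yes|1)"?\s*;',
    re.IGNORECASE | re.MULTILINE,
)

def audit_sources(text):
    """Scan sources.list-style text. Returns (line_no, reason) findings for
    entries marked [trusted=yes] (apt skips the signature check entirely) and
    for entries fetched over plain http:// (safe only while signatures are
    enforced, which is exactly what the provisioning bug omitted)."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or comment line
        if _TRUSTED.search(line):
            findings.append((no, "trusted=yes disables signature verification"))
        if re.search(r"\bhttp://", line):
            findings.append((no, "plain http transport; integrity rests on apt signatures alone"))
    return findings

def audit_conf(text):
    """Return the apt.conf option names in text that are set so apt accepts
    unauthenticated (unsigned) packages."""
    return sorted({m.group(1) for m in _UNSAFE_CONF.finditer(text)})

# Constructed sample input; not a real SecureDrop configuration.
SAMPLE_SOURCES = """\
# constructed sample
deb http://mirror.example.invalid/ubuntu trusty main
deb [trusted=yes] http://mirror.example.invalid/extra trusty main
deb https://mirror.example.invalid/ubuntu trusty-security main
"""
SAMPLE_CONF = """\
APT::Get::AllowUnauthenticated "true";
Acquire::AllowInsecureRepositories "false";
"""

if __name__ == "__main__":
    for no, reason in audit_sources(SAMPLE_SOURCES):
        print("sources line %d: %s" % (no, reason))
    print("unsafe apt.conf options:", audit_conf(SAMPLE_CONF))
```

To check a real host, pass the contents of /etc/apt/sources.list, /etc/apt/sources.list.d/*.list and /etc/apt/apt.conf.d/* to the two functions.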
This release also adds tooling for sending logs to Freedom of the Press Foundation for forensic analysis.
What Administrators Should Do
Please contact us through the support portal if you have any questions or concerns. For most news organizations, no reinstall is necessary, but as a precautionary measure, we recommend high-risk organizations reinstall SecureDrop on 0.4.4.