- security
- Possible use of an untrusted Live system found on local hard-disk
live-initramfs boot scripts, that are used in amnesia, can boot an untrusted Live system found on the local hard-disk, rather than the one present on the USB stick on CD, as could be expected.
This can only happen in the (pretty rare) case when Linux needs more than 15 seconds to make the legitimate USB stick or CD ready.
Impacto
Booting another Live system than the one you think, without being told, can lead to any kind of information leak, anonymity break, etc.
Solución
None yet. Either build your own images from Git, or wait for the imminent 0.4.2 release.
Mitigación
No uses amnesia en ordenadores no confiables.
Versiones afectadas
Todos los sistemas basados en Debian Live, incluyendo todos los releases de amnesia hasta 0.4.1 inclusive.