Tor browser in whonix-workstation-18 tries to autoupdate itself. Weird issues with whonix-workstation-18

I currently have Tor Browser version 15.0.3 (based on Mozilla Firefox 140.6.0esr) installed. It tries to autoupdate itself every time I open a new disposable whonix vm. So I tried to update my whonix qubes. Whonix gateway update gave zero issues when updating. Whonix workstation on the other hand

Refreshing package info
Refreshing available packages.
Refreshed.
Fetching 1 packages [242.35 KiB]
Fetched.
Updating packages.
(Reading database ... (Reading database ... 5%(Reading database ... 10%(Reading database ... 15%(Reading database ... 20%(Reading database ... 25%(Reading database ... 30%(Reading database ... 35%(Reading database ... 40%(Reading database ... 45%(Reading database ... 50%(Reading database ... 55%(Reading database ... 60%(Reading database ... 65%(Reading database ... 70%(Reading database ... 75%(Reading database ... 80%(Reading database ... 85%(Reading database ... 90%(Reading database ... 95%(Reading database ... 100%(Reading database ... 177793 files and directories currently installed.)
Preparing to unpack .../tb-updater_3%3a42.6-1_all.deb ...
Unpacking tb-updater (3:42.6-1) over (3:41.7-1) ...
Setting up tb-updater (3:42.6-1) ...
/usr/sbin/policy-rc.d returned 101, not running 'restart tb-updater-dispvm.service tb-updater-first-boot.service'
INFO: ARCH 'x86_64' detected.
INFO: ARCH_DOWNLOAD 'linux-x86_64' detected.
INFO: CURL_PROXY: '--proxy http://127.0.0.1:8082/'
INFO: Automatically setting download folder to '/var/cache/tb-binary', because running inside Qubes Template and from postinst. This is useful so you get up to date versions of Tor Browser in newly created App Qubes inherited from updated Templates.
More info: https://www.whonix.org/wiki/Tor_Browser/Advanced_Users#Qubes-specific
INFO: Not running inside Qubes Disposable Template, ok.
INFO: Using stable version. For alpha version, see: https://www.whonix.org/wiki/Tor_Browser#Alpha
INFO: Running connectivity check...  Downloading...: 'https://www.torproject.org'
INFO: CURL_OUT_FILE: '/var/cache/tb-binary/.cache/tb/temp/tbb_remote_folder'
[#                                                  ]   0%[#####                                             ]  10%[################################################## ] 100%[0G[0KINFO: Connectivity check succeeded.
INFO: Find out latest version... Downloading...: 'https://aus1.torproject.org/torbrowser/update_3/release/download-linux-x86_64.json'
INFO: CURL_OUT_FILE: '/var/cache/tb-binary/.cache/tb/RecommendedTBBVersions'
[#                                                  ]   0%[####                                              ]   8%[################################################## ] 100%[0G[0KINFO: Previously downloaded version: '15.0.3'
INFO: Currently installed version  : '15.0.3'
INFO: Online detected version      : '15.0.4'
Looks like there is an upgrade for Tor Browser.
Please close Tor Browser if you want to (re-)install!
If your currently installed version is:
   - higher: you are likely target of a downgrade attack, SAY NO NOW.
   - equal : only proceed, if you want to create a new browser profile.
   - lower : you should upgrade.
If you would like to keep your browser profile and update rather than re-downloading Tor Browser, you must use Tor Browser's internal updater. In that case, say no now.
This program (Tor Browser Downloader (by Whonix developers)) is incapable of keeping user data.
YOUR BROWSER WILL BE KILLED.
YOUR OLD BROWSER PROFILE INCLUDING BOOKMARKS AND PASSWORDS WILL GET DELETED.
Learn more about this Download Confirmation Notification.
INFO: Digital signature (GPG) download... Will take a moment...
INFO: Downloading...: 'https://www.torproject.org/dist/torbrowser/15.0.4/tor-browser-linux-x86_64-15.0.4.tar.xz.asc'
INFO: CURL_OUT_FILE: '/var/cache/tb-binary/.cache/tb/files/tor-browser-linux-x86_64-15.0.4.tar.xz.asc'
[#                                                  ]   0%[#########                                         ]  19%[################################################## ] 100%[0G[0KINFO: Downloading 'Tor Browser'...
INFO: Downloading...: 'https://www.torproject.org/dist/torbrowser/15.0.4/tor-browser-linux-x86_64-15.0.4.tar.xz'
INFO: CURL_OUT_FILE: '/var/cache/tb-binary/.cache/tb/files/tor-browser-linux-x86_64-15.0.4.tar.xz'

I interrupted this upgrade just in case and rebooted the system before it could be completed. Now if I try to update whonix-workstation it shows that no updates are available. Does it means I managed to connect to a malicious node which tried to install a malicious version of tor browser? Or it is just a glitch? How do I update my whonix vm so it will have the newest version of tor? Or should I reinstall the templates for whonix from scratch? If yes, then how to do so?

Now if I try to update the template it shows

Updating whonix-workstation-18
Refreshing package info
Refreshing available packages.
Refreshed.
Fetched.
Updating packages.
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Updated.
Installed packages:
None
Updated packages:
None
Removed packages:
None
Hit:1 https://deb.qubes-os.org/r4.3/vm trixie InRelease
Hit:2 tor+https://deb.debian.org/debian trixie InRelease
Hit:3 tor+https://fasttrack.debian.net/debian-fasttrack trixie-fasttrack InRelease
Hit:4 tor+https://deb.kicksecure.com trixie InRelease
Hit:5 tor+https://deb.debian.org/debian trixie-updates InRelease
Hit:6 tor+https://deb.whonix.org trixie InRelease
Hit:7 tor+https://fasttrack.debian.net/debian-fasttrack trixie-backports-staging InRelease
Hit:8 tor+https://deb.debian.org/debian trixie-backports InRelease
Hit:9 tor+https://deb.debian.org/debian-security trixie-security InRelease
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Tracking, same issue. Im unsure whether the Whonix template or internal Tor browser updater should be given precedence

I doubt it’s a malicious, false update. Expect either the template is outdated, or there’s a good reason not to push the browser update

If whonix didn’t had maintenance on their forum until 20 January it would be a better idea to ask there. But it is simply not possible due to their forum being read only

The current version of torbrowser is 15.0.4. Try running:

[user@dom0 ~]$ qvm-run --pass-io whonix-workstation-18 '/usr/bin/update-torbrowser --onion --only-if-newer --noask --noaskstart'

If that doesn’t work (doesn’t try to install the new browser, as it was doing in your transcript) then maybe the simplest thing to do would be to reinstall whonix-workstation-18 through Qubes Template Manager, just in case it’s been put in a weird state after the update was interrupted.

This did work. I had to restart both disposable whonix workstation and manually shutdown whonix workstation template