Hot Take Ubuntu discovers 'hate speech' in release 23.10

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,364
This week, Ubuntu took down its Desktop installer 23.10 after spotting insulting strings buried in its Ukrainian release.

"We have identified hate speech from a malicious contributor in some of our translations submitted as part of a third party tool outside of the Ubuntu Archive," announced the project.

"The Ubuntu 23.10 image has been taken down and a new version will be available once the correct translations have been restored."

On its community forum, the Ubuntu team further explained that malicious Ukrainian translations were submitted by a community contributor to a "public, third party online service" relied upon by the Ubuntu Desktop Installer for providing language support.
Concerns about malware injections

Granted the impact of this incident remained limited to translations, users have raised concerns about the possibility of malware that could be injected in future Ubuntu releases through dependencies in a similar manner.

"I trust Ubuntu because it's the most widely used so it should have the best review team, but if this happened with translations and no one saw, imagine with dependencies with malware injected," posted a user on X (formerly Twitter). "I think no one reviews anything."

"If this is true then that means you're not beta-testing the non-English versions of your distro," said another one.

"The possibilities for malware from bad-faith actors are huge. This is something that needs to be bridged. You're not elementaryOS. You're a large company & this should not happen."

It is worth noting, however, that reviewing translations submitted in different languages—unless the developers themselves are proficient in these languages, is a much more challenging task that a regular code security audit may not be designed for.
Ubuntu has now restored its Ukrainian translations "to the state before it was sabotaged," but is spending additional time on "a broader audit before making it officially available."

In the meantime, users are advised to download Ubuntu Desktop 23.10 from the Ubuntu downloads page using the Legacy installer ISO that remains unaffected by the incident. Alternatively, users can upgrade from a previously supported Ubutnu release.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top