Hot Take Ubuntu discovers 'hate speech' in release 23.10

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
This week, Ubuntu took down its Desktop installer 23.10 after spotting insulting strings buried in its Ukrainian release.

"We have identified hate speech from a malicious contributor in some of our translations submitted as part of a third party tool outside of the Ubuntu Archive," announced the project.

"The Ubuntu 23.10 image has been taken down and a new version will be available once the correct translations have been restored."

On its community forum, the Ubuntu team further explained that malicious Ukrainian translations were submitted by a community contributor to a "public, third party online service" relied upon by the Ubuntu Desktop Installer for providing language support.
Click to expand...
Concerns about malware injections

Granted the impact of this incident remained limited to translations, users have raised concerns about the possibility of malware that could be injected in future Ubuntu releases through dependencies in a similar manner.

"I trust Ubuntu because it's the most widely used so it should have the best review team, but if this happened with translations and no one saw, imagine with dependencies with malware injected," posted a user on X (formerly Twitter). "I think no one reviews anything."

"If this is true then that means you're not beta-testing the non-English versions of your distro," said another one.

"The possibilities for malware from bad-faith actors are huge. This is something that needs to be bridged. You're not elementaryOS. You're a large company & this should not happen."

It is worth noting, however, that reviewing translations submitted in different languages—unless the developers themselves are proficient in these languages, is a much more challenging task that a regular code security audit may not be designed for.
Click to expand...
Ubuntu has now restored its Ukrainian translations "to the state before it was sabotaged," but is spending additional time on "a broader audit before making it officially available."

In the meantime, users are advised to download Ubuntu Desktop 23.10 from the Ubuntu downloads page using the Legacy installer ISO that remains unaffected by the incident. Alternatively, users can upgrade from a previously supported Ubutnu release.
Click to expand...
www.bleepingcomputer.com

Ubuntu discovers 'hate speech' in release 23.10 — how to upgrade?

Ubuntu, the most popular Linux distribution, has pulled its Desktop release 23.10 after its Ukrainian translations were discovered to contain hate speech. According to the Ubuntu project, a malicious contributor is behind anti-Semitic, homophobic, and xenophobic slurs that were injected into the...
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
  • Sad
Reactions: upnorth, vtqhtr413, Jonny Quest and 3 others

Similar threads

Bot
    • +Reputation
    • Like
Security News Canonical Changes Snap Store Policy in Ubuntu after Criminals Upload Fake Crypto Apps
Replies
1
Views
1,231
Security News
Practical Response
Practical Response
CyberTech
    • Like
    • Thanks
    • Applause
New Update LocalSend - send files over your local network without Internet (Free, Open-source, Cross-platform)
Replies
1
Views
789
Other software
CyberTech
CyberTech
I
    • Like
    • +Reputation
New Update Ubuntu 22.10: What’s New?
Replies
1
Views
589
ChromeOS & Linux
shmu26
shmu26

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top