Ubuntu 23.10 Update Pulled Due to Malicious Translations
Malicious translations injected into Ukrainian translation file prompt Ubuntu to temporarily remove 23.10 update.
Ubuntu 23.10, the latest release of the popular Linux distribution, was pulled from the official website just hours after its release on October 12, 2023. The reason for the removal was the discovery of malicious translations in the Ukrainian translation file.
In a post on the X platform, the Ubuntu team explained that they had identified “hate speech from a malicious contributor in some of our translations submitted as part of a third-party tool outside of the Ubuntu Archive.” The team also stated that they were “taking additional time for a broader audit before making it officially available.”
The malicious translations were discovered by Joey Sneddon of OMG Ubuntu, who translated the offensive content from a GitHub repository. Sneddon found messages related to politics, sexuality, and current events, characterized by “crude, provocative, and highly inflammatory” language.
Ubuntu has emphasized that the issue only affected installations through the Live CD environment, and that users upgrading from previous versions or using the Ubuntu Desktop Legacy ISO were unaffected. The team has also expressed its disappointment in the incident, stating, “It’s unfortunate when that path of collaboration is undermined and used as a mechanism of social aggression.”
Ubuntu users who had already downloaded the ISO file were advised to refrain from using it, and users who had installed the update through the Live CD environment could upgrade to the latest version using the command line.
The Ubuntu team is currently working on a fix for the issue, and they expect to release a new ISO file with the corrected translations in the coming days. In the meantime, users can download the Ubuntu Desktop Legacy ISO, which is not affected by the issue.
Impact on Ubuntu users:
Ubuntu users who are planning to upgrade to version 23.10 are advised to wait until the new ISO file with the corrected translations is released. Users who have already downloaded the ISO file or installed the update through the Live CD environment should upgrade to the latest version using the command line.
Users who are upgrading from previous versions of Ubuntu or using the Ubuntu Desktop Legacy ISO are not affected by the issue and can proceed with the upgrade as usual.