Mere hours after their release, Ubuntu 23.10 download images have been removed from distribution. If you try and grab the latest desktop ISO at the time of writing you will be greeted with a message saying “Ubuntu 23.10 cannot be downloaded right now.” Ubuntu’s official account on Twitter/X reveals that the reason for the takedown of the 23.10 images is that a "malicious contributor" had laced translations with “hate speech.” Ubuntu focused site OMG Ubuntu found that the Ukrainian translation file had been targeted by the malicious ne’er do well.
We have identified hate speech from a malicious contributor in some of our translations submitted as part of a third party tool outside of the Ubuntu Archive. The Ubuntu 23.10 image has been taken down and a new version will be available once the correct translations have been…October 12, 2023
So, the Ubuntu 23.10 release was supposed to be available and stay available, from yesterday. We discussed the release of Mantic Minotaur in our news section yesterday. Notable new features included increased OS security, a new and improved App Center, and the introduction of support for RISC-V-based SBCs and the new Raspberry Pi 5. Little did we know the Ukrainian language resource files were spilling over with hate speech.
The malicious contributor appears to have kept some translations as intended but interspersed them with text strings that highlight extremist beliefs with regard to certain religious groups, sexual orientation, and political persuasion.
Tom's Hardware has seen the original Ukrainian text and used machine translation to initially confirm the contents. The text was then reviewed by an editor who can read Ukrainian and they have confirmed that the machine translation is accurate.
The only example of these malicious translations that we are willing to print can be seen in context, below:
@override
String onBatteryWarning(Object color) {
return ' Warning : the computer is not connected to a power source.';
}
@override
String get offlineWarning => 'Your pants are not off yet';
@override
String get chooseSecurityKeyTitle => 'Choose security key';Ubuntu has also set up a forum post about what it calls a malicious translation incident. It notes that “these translations are not part of the Ubuntu Archive and we believe the incident is contained only to translations provided via a third-party translation tool we use for a subset of applications.” Keep an eye on this post for further details about the incident, and news of when an updated desktop image becomes available. Ubuntu says that OS upgraders would not be affected by the translations in the desktop installer.
To those worried that this malicious tampering may be the tip of the iceberg, Ubuntu says that the observed incident only extends to this set of translations, and it doesn’t believe systems or data were compromised.
