If you were hoping to help test the upcoming release of Ubuntu 24.04 by way of the official beta that was due for release this week, I’ve some bad news: it’s been delayed.
However, I reckon you may have expected this.
Ubuntu 24.04 beta was scheduled for release on April 4, giving developers, testers, and enthusiasts several weeks to test the new features, find and report issues, check compatibility with and performance on real-world hardware, and all of that hyper-useful stuff.
But then a major security issue was announced: an (obfuscated) backdoor was discovered in recent versions of xz compression library which could allow attackers to access affected systems using SSH.
You can read more about this issue on openwall.com — fair warning: it’s scary stuff, and is classed at 10 in CVSS 3 severity. It’s not one of those abstract, “attacker with physical access to the machine” issues that often crop up (which are bad but don’t affect most home users).
That said, don’t be unnecessarily worried.
Supported, stable versions of Ubuntu are unaffected by the flaw (unless the compromised library was installed manually from outside of the Ubuntu repos, which is possible but, for home users, unlikely due to the recency of the affected builds).
Similarly, Canonical say the infected versions did not ship in Ubuntu 24.04 daily build images, but anyone using noble daily builds who enabled proposed updates and installed packages from there in recent weeks may want to use their system with extreme caution.
But Canonical has taken the decision to rebuild every binary package in the noble repos.
“Due to the complex nature of build dependencies and linking, out of an abundance of caution every binary built for Noble after the malicious code was introduced (February 26th) has been deleted and is being rebuilt,” Canonical’s Brian Murray says in an update.
Prudent and reassuring.
Accordingly, the Ubuntu 24.04 beta has been delayed. It will now release on April 11.