Security Issue Causes Delay in Ubuntu 24.04 Beta Release

If you were anticipating the opportunity to participate in testing the imminent Ubuntu 24.04 release via the official beta scheduled for release this week, I must share some unfortunate news: the release has been postponed.

Having said that, I suspect this isn’t entirely unexpected.

The beta version of Ubuntu 24.04 was planned to be launched on April 4. This would have provided developers, testers, and enthusiasts ample time to examine and test the latest features, identify and report any problems, assess compatibility and performance with real-life hardware, and carry out all the other incredibly useful testing activities.

However, the disclosure of a substantial security risk disrupted the plan. An encrypted backdoor was found in recent versions of the “xz” compression library, potentially enabling intruders to access infected systems using SSH.

You can read more about this issue on openwall.com. Fair warning: it’s scary stuff, and it is rated 10 on the CVSS 3 severity scale. This isn’t one of those abstract, “attacker with physical access to the machine” problems that come up from time to time (which may be bad but don’t typically affect the majority of home users).

Nevertheless, don’t be overly alarmed.

Supported, stable versions of Ubuntu are unaffected by this flaw (unless the compromised library was manually installed from somewhere other than the Ubuntu repositories, which, while possible, is improbable for home users due to the recency of the affected builds).

In the same vein, Canonical has stated that the compromised versions were not included in Ubuntu 24.04 daily build images. However, individuals using the noble daily builds who enabled proposed updates and installed packages from there in recent weeks should operate their systems with the utmost caution.

Canonical has made the decision to reconstruct every binary package in the noble repositories.

“In view of the intricate nature of build dependencies and linking, we have, to be on the safe side, deleted every binary built for Noble after the introduction of the malicious code (February 26th) and are in the process of rebuilding,” says Brian Murray of Canonical in an update.

This approach is both prudent and offers reassurance.

As a result, the release of the Ubuntu 24.04 beta has been delayed. The new release date is now set for April 11.

