Ubuntu 24.04 Beta released after week delay due to malicious code

Ubuntu 24.04 Beta
(Image credit: Tom's Hardware)

After a week's delay, Ubuntu 24.04 Beta has been released for eager users to test out on their systems. Ubuntu 24.04 (codenamed Noble Numbat) is the latest Long Term Support version of the popular Linux OS and introduces a new installer for new and experienced users. Hat tip to OMG Ubuntu for the news.

Ubuntu 24.04 is based on Linux Kernel 6.8 and uses Gnome 46 for the desktop environment. The basic requirements for Ubuntu 24.04 are a machine with at least 1GB of RAM according to the Beta download page. We'd stick with the Ubuntu 22.04 requirements as our lowest comfortable spec (2 GHz dual core CPU, 4GB of RAM and 25GB of storage).

The installer is still based on the previous Flutter user interface but for 24.04 it has an updated look, and to be frank, we like it. The install can be interactive or automated. The interactive installation is more the traditional "ask a bunch of questions and tailor the install as you go" whereas the automated installer uses a yaml file. 

This file is something that OEMs and advanced users are likely to use to create en-masse installs to match their requirements. We installed Ubuntu 24.04 to a spare NVMe SSD in our Khadas Mind and the entire process took less than 10 minutes.

Ubuntu 24.04 running on a Lenovo X220 with a 2nd Gen Intel I5 CPU and Khadas Mind with an Intel 13th Gen i7-1360P CPU

(Image credit: Tom's Hardware)

The overall look and feel of Ubuntu 24.04 is the same as previous releases, and that is not a bad thing! Running Gnome 36 (codenamed “Kathmandu”), Ubuntu 24.04 feels responsive but we were using a decent spec machine. We tested the Beta on a Khadas Mind, an Intel 13th gen I7 1360P "Raptor Lake" CPU and 32GB of RAM and also on a spare Lenovo X220 laptop which has seen many Linux installs during its long service. On the Khadas Mind it flew, but the older Lenovo X220 struggled a little. There are 11 generations of CPU between these two machines, so perhaps its time to admit that Ubuntu is a little too heavy for my aging X220 and use Lubuntu or Xubuntu?

Software installation can be handled via the App Center or in the terminal. The App Center redesign was introduced in Ubuntu 23.10, and it can be used to install applications using Snap and DEB packages. For the terminal users out there, we can install just as easily using apt and snap. 

As noted by OMG Ubuntu, there are a few software changes. The Cheese camera app is now replaced with Gnome Snapshot. Gnome Games has been removed, and Mozilla's Thunderbird e-mail client is now installable via snap. Under the hood there are power efficiency changes for Intel and AMD laptop users.

Why was the beta for Ubuntu 24.04 delayed? The key reason was CVE-2024-3094 — otherwise known as the XZ compression tools, which were compromised with malicious code. Canonical, the company behind Ubuntu took the decision to remove and rebuild all binary packages that had been built for Ubuntu 24.04 since CVE-2024-3094 was raised. Ubuntu wasn't the only Linux distro to bear the brunt of the issue. Red Hat's Fedora, Debian users who run unstable or experimental packages, Kali Linux, and some Arch Linux installation media files were also affected. 

As far as we know, Ubuntu 24.04 is on track for an April 25 release, so the lost week may not impact the release. Unlike Ubuntu 6.06 "Dapper Drake" back in 2006 which was delayed two months to give the developers time to add extra features. Ubuntu 6.06 was the only Ubuntu release to be delayed, could Ubuntu 24.04 be the second? We hope not, but if it is, then so be it.

Les Pounder

Les Pounder is an associate editor at Tom's Hardware. He is a creative technologist and for seven years has created projects to educate and inspire minds both young and old. He has worked with the Raspberry Pi Foundation to write and deliver their teacher training program "Picademy".

  • AkroZ
    It would have been a major breach noted in history if it will not have been found.
    The malicious xz util modify glibc used by the compiler gcc which modify one function from OpenSSH to introduce a backdoor. You can't see the backdoor in the code source as it is the compiler which introduce it in the binary.
    All systems with SSH build with gcc (most) would have been compromised.
    The author was one of the maintainer of xz util and have made some others dubious changes in others projects like libarchive.
    This again reveal the issue of checking the code of all the dependencies for projects as criticals as compilers and operating systems.