Postmortem of the Xubuntu.org download site compromise

Date:
Wed, 19 Nov 2025 16:16:22 +0000

Description:
In mid-October, the Xubuntu download site was compromised and had directed users to a malicious
zip file instead of the Torrent file that users expected. Elizabeth
K. Joseph has published a postmortem of the incident, along with plans to avoid such a breach
in the future: To be perfectly clear: this only impacted our website, and the torrent
links provided there. If you downloaded or opened a file named "Xubuntu-Safe-Download.zip"
from the Xubuntu downloads page during this period, you should assume
it was malicious. We strongly recommend scanning your computer with a
trusted antivirus or anti-malware solution and deleting the file
immediately. Nothing on cdimages.ubuntu.com or any of the other official Ubuntu
repositories was impacted, and our mirrors remained safe as long as
they were also mirroring from official resources. None of the build systems, packages, or other components of Xubuntu
itself were impacted.

======================================================================
Link to news story:
https://lwn.net/Articles/1047056/


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)