skye (OP), @skye@toot.cat

for those of you who are like “what the hell are the computer people going on about today”:

a small package that is widely used, including by the linux kernel itself, got a backdoor put in that would allow any interested parties access to affected systems. this backdoor was added by the maintainer of the package who took over from the overwhelmed previous maintainer. the backdoor that we know about is restricted in what systems it can affect and it did not make its way into stable releases. your ubuntu laptop is fine.

but if this had gone undetected and they had added additional functionality, basically every linux system everywhere might have been made vulnerable (this includes all android phones, most routers, many vacuum cleaners, all kinds of servers and internet infrastructure, and more).

it probably has not gotten that far (TBD, but it’s looking like it got caught early enough) but everyone is adequately terrified because it got discovered completely by accident.
