Is there any chance that Linux open source distributions such as Ubuntu would hide malicious code or backdoor or similar thing in their code and simply hide it in their release publication?

Yes, of course

Rule number 0 in security:

Nothing can be secure.

@electrineer you again?

@dIREsTRAITS I heard you're looking for a backdoor

@electrineer didn't know you'd like to knock at someone's backdoor?

It can go unchallenged, given the culture of "letting it slide", yes.

It's happened.

I think.

@dIREsTRAITS yes. But this time he is correct

This can happen with any software at any stage. Sometimes by accident/outsiders trough typosqatting, compromised tool-chain/server.
Generally the very late stage or very early stage injection are harder to detect once in undetected.

Other times it's by bad actors or government demand.

@hjk101

> Other times it's by ( ... ) government demand.

Although it can happen, its extremely rare. 99% of CIV is done by bad actor.

Open source does not guarantee secure source.

The larger the project / community the more observant eyes over changes.

@c3r38r170 how?

Si Amigo

@IntrusionCM 🎶 can you hear me knockin!🎶

Someone did try to inject a back door into the Linux kernel at one time (that I know of). They caught it and recognized that it was in fact an attempt to put in a back door.

At the distribution, it would seem like that would be easier to attempt. No idea what kind of scrutiny there is at Ubuntu. If they have customers that pay real money, maybe less likely. Paying customers tend to get pissed when that happens. Even by accident.