The Debian Project has announced the release of Debian 13.6, a significant maintenance update for the Debian 13 series, also known as “trixie.” This release is primarily aimed at addressing security vulnerabilities and resolving critical software issues across the extensive package collection of the operating system.
Key Security Fixes and Software Updates
Debian 13.6 is not a new major version, so users currently running Debian 13 do not need to reinstall the OS or download new installation media. Instead, they can access the updated packages through Debian’s standard package repositories and mirrors.
The update addresses security vulnerabilities in widely used components such as Apache HTTP Server, curl, QEMU, OpenSSL, Linux, Samba, nginx, PostgreSQL, Firefox ESR, Chromium, Thunderbird, rsync, Wireshark, and ImageMagick. These fixes cover a range of issues, including memory corruption, buffer overflows, use-after-free bugs, and more.
Significant Changes in Apache, curl, and QEMU
The Apache HTTP Server received multiple patches for vulnerabilities like use-after-free, buffer overflow, and cross-site scripting. Simultaneously, curl updates have resolved issues related to credential handling during redirects, stale cookie exposure, and memory safety concerns in SMB connections.
QEMU has also been updated with numerous security fixes, making this release crucial for virtualization hosts and infrastructure environments.
Secure Boot and Firmware Enhancements
A major highlight of Debian 13.6 involves improvements to Secure Boot certificate management. The fwupd package has been updated to version 2.0.20, facilitating changes to the UEFI Secure Boot certificate authority, Key Exchange Key, and revocation database.
Debian has alerted users that the UEFI Secure Boot CA from 2013 has expired, potentially affecting system booting unless updated certificates are applied. Administrators are advised to follow Debian’s guidelines on Secure Boot CA transition and obtain necessary firmware updates from hardware manufacturers.
Kernel Updates and GeoIP Database Reversion
The update includes kernel and installer package rebuilds with Linux ABI 6.12.94 + deb 13, enhancing hardware support and installation reliability. Additionally, wireless-regdb has been updated with new regulatory data for various countries.
Debian has reverted the geoip-database to an earlier version from December 2019 due to distribution restrictions under its Free Software Guidelines. Organizations needing current geolocation data should acquire a GeoLite license directly from the provider.
Conclusion and Upgrade Instructions
New installation images for Debian 13.6 are available via Debian’s standard download sites. Users can upgrade their existing systems by updating their repository metadata and applying the available upgrades. The command to do this is: sudo apt update && sudo apt full-upgrade.
