Two months after its previous 12.8 release, the Debian Project rolled out the ninth update of its stable 12 “Bookworm” series, primarily focusing on improving security and addressing bugs across various packages.
If you’ve been keeping your system updated through security.debian.org, there’s not much to do with this release—most of the fixes were already included in earlier updates. 12.9 just brings them together in one place. However, if you’re doing a fresh install, this is the version to download and set up.
Powered by Linux kernel 6.1 LTS, Debian 12.9 fixes various issues in the distro’s stable branch. Here are a few highlights:
- Ansible-Core: Upstream stable release fixing arbitrary code execution.
- Dnsmasq: Resolves multiple denial-of-service threats and sets the default maximum EDNS.0 UDP packet size to 1232.
- Intel-Microcode: Incorporates a new upstream security release addressing multiple CVEs.
- Python Libraries (e.g., pypy3, python-asyncssh, python-urllib3, python-werkzeug, python3.11): Fixes a variety of issues, including server-side request forgery, denial of service, header injection, and more.
- Linux Kernel: Bumps the ABI to 29, ensuring broader hardware support, security enhancements, and critical bugfixes.
Additionally, several packages related to Thunderbird—including allow-html-temp, eas4tbsync, mailmindr, quicktext, and tbsync—have been updated to preserve compatibility with version 128 of the mail client.
Debian 12.9 also incorporates a range of security updates previously released by the Debian Security Team. These updates address vulnerabilities in major packages like Thunderbird, Guix, Chromium, Firefox ESR, Symfony, PHP, Ceph, and others.
Once again, Debian 12.9 doesn’t bring any new features to the “Bookworm” release—it’s all about fixing bugs and addressing security issues in certain packages. So, if you’re already using it, simply run the command below to update your system to the latest stable version.
sudo apt update && sudo apt upgradeCode language: Bash (bash)The release announcement provides in-depth information on all changes. A comprehensive list of all packages that have received updates is available here.
The main Debian 12.9 netinst image is now available for download from here. It offers a base system perfect for servers or users who prefer to customize the installation to suit their needs. It supports nine architectures: amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, and s390x.
For a more ready-to-use experience, the new release also provides Live images featuring pre-installed desktop environments like GNOME, KDE, LXDE, Xfce, Cinnamon, and MATE. Please note that they are available only for amd64 architecture.
Lastly, consider enabling automatic security updates to receive future patches without delay if you haven’t already done so. If you’re unsure how to do it, our guide will have you up and running quickly.
