Debian 13.2 Released with Security Fixes and Stability Updates

Over two months after the previous 13.1 release, the Debian Project rolled out the second update to the stable 13 “Trixie” series, primarily focusing on improving security and addressing bugs across various packages.

The update includes a wide range of advisories affecting core components, such as Firefox ESR, Chromium, OpenSSL, the Linux kernel, Xorg Server, Dovecot, Redis, GIMP, HAProxy, and others. In addition, many packages received fixes for denial-of-service issues, buffer overflows, memory corruption, and multiple CVE-specific vulnerabilities.

However, if you’ve been keeping your system updated through security.debian.org, there’s not much to do with this release—most of the fixes were already included in earlier updates. 13.2 just brings them together in one place. However, if you’re doing a fresh install, this is the version to download and set up.

Debian 13.2 also introduces a rebuilt installer and netboot images based on Linux kernel 6.12.57 LTS, ensuring hardware compatibility and alignment with the current stable ABI. Several components central to system stability also saw improvements:

• Systemd: fixes for DNS-over-TLS handling in systemd-resolved, lifecycle improvements for units and services, updated hwdb data, and refinements around TPM2 and pcrlock.
• Curl: multiple CVE fixes covering buffer over-read, cache poisoning, and path traversal.
• libssh, libsmb2, libhtp, libxml2, and libwebsockets: targeted corrections for null pointer dereferences, memory leaks, and denial-of-service conditions.

Beyond security fixes, this update includes updates and corrections to a broad range of packages. Highlights include:

• 7zip and 7zip-rar are receiving upstream releases with multiple security fixes.
• Ansible and Ansible Core updated to maintain compatibility with the stable ansible-core 2.19 series.
• asahi-scripts, alsa-ucm-conf-asahi, and related packages are improving support for Apple Silicon systems.
• Noto Color Emoji fonts have been updated to support Unicode 17.
• GNOME Maps, GNOME Session, and Epiphany Browser are shipping updated stable releases and targeted fixes.
• Ublock Origin is gaining new filter capabilities and usability improvements.
• Nextcloud Desktop, Dolphin-Emu, MPV, and many desktop-oriented applications are receiving upstream fixes.

Several server-side components were also updated, including FreeRADIUS, libvirt, QEMU, Postfix, Samba, Suricata, ModSecurity-Apache, and RabbitMQ-Server, to address bugs and patch security issues.

Furthermore, the Debian Installer was rebuilt to include all fixes introduced since the previous point release, ensuring new installations begin with a secure and up-to-date base. The updated kernel enhances compatibility across AMD64, ARM64, and Asahi-supported hardware, while packages such as open-vm-tools, irqbalance, systemd-boot, and NVIDIA Tesla drivers have received targeted corrections.

As part of routine maintenance, one package, rust-profiling-procmacros, was removed because it was no longer in use.

Once again, Debian 13.2 doesn’t add any new features to the “Trixie” release—it’s all about fixing bugs and addressing security issues in certain packages. If you’re already using it, simply run the command below to update your system to the latest stable version.

sudo apt update && sudo apt upgradeCode language: Bash (bash)

For more in-depth information on all the changes in Debian 13.2, see the release announcement. A comprehensive list of all packages that have received updates is available here.

Debian 13.2 netinst ISO images are available for download here. They offer a base system that is perfect for servers or users who prefer to customize the installation to suit their specific needs, with support for six architectures: amd64, arm64, armhf, ppc64el, riscv64, and s390x.

For a more ready-to-use experience, the new release also provides Live images featuring pre-installed desktop environments like GNOME, KDE, LXDE, Xfce, Cinnamon, and MATE. Please note that they are available only for the AMD64 architecture.

Finally, consider enabling automatic security updates to receive future patches without delay if you haven’t already done so. If you’re unsure how to do it, our guide will have you up and running in no time.