Over two months after the previous 13.1 release, the Debian Project rolled out the second update to the stable 13 “Trixie” series, primarily focusing on improving security and addressing bugs across various packages.
The update includes a wide range of advisories touching core components such as Firefox ESR, Chromium, OpenSSL, Linux kernel, Xorg Server, Dovecot, Redis, gimp, HAProxy, and others. In addition, many packages received fixes for denial-of-service issues, buffer overflows, memory corruption, and multiple CVE-specific vulnerabilities.
However, if you’ve been keeping your system updated through security.debian.org, there’s not much to do with this release—most of the fixes were already included in earlier updates. 13.2 just brings them together in one place. However, if you’re doing a fresh install, this is the version to download and set up.
Debian 13.2 also introduces a rebuilt installer and netboot images based on Linux kernel 6.12.57, ensuring hardware compatibility and alignment with the current stable ABI. Several components central to system stability also saw improvements:
- Systemd: fixes for DNS-over-TLS handling in systemd-resolved, lifecycle improvements for units and services, updated hwdb data, and refinements around TPM2 and pcrlock.
- Curl: multiple CVE fixes covering buffer over-read, cache poisoning, and path traversal.
- libssh, libsmb2, libhtp, libxml2, and libwebsockets: targeted corrections for null pointer dereferences, memory leaks, and denial-of-service conditions.
Beyond security fixes, this update includes updates and corrections to a broad range of packages. Highlights include:
- 7zip and 7zip-rar are receiving upstream releases with multiple security fixes.
- ansible and ansible-core updated to maintain compatibility with the stable ansible-core 2.19 series.
- asahi-scripts, alsa-ucm-conf-asahi, and related packages are improving support for Apple Silicon systems.
- fonts-noto-color-emoji updated with Unicode 17.0 support.
- gnome-maps, gnome-session, and epiphany-browser are shipping updated stable releases and targeted fixes.
- ublock-origin gaining new filter capabilities and usability improvements.
- nextcloud-desktop, dolphin-emu, mpv, and many desktop-oriented applications are receiving upstream fixes.
A number of server-side components were also refreshed, including FreeRADIUS, libvirt, QEMU, Postfix, Samba, Suricata, ModSecurity-Apache, and RabbitMQ-Server, addressing bugs and patching security issues.
Furthermore, the Debian Installer was rebuilt to include all fixes introduced since the previous point release, ensuring new installations begin with a secure and up-to-date base. The updated kernel enhances compatibility across AMD64, ARM64, and Asahi-supported hardware, while packages such as open-vm-tools, irqbalance, systemd-boot, and NVIDIA Tesla drivers have received targeted corrections.
As part of routine maintenance, one package—rust-profiling-procmacros—was removed because it was no longer in use.
Once again, Debian 13.2 doesn’t add any new features to the “Trixie” release—it’s all about fixing bugs and addressing security issues in certain packages. So, if you’re already using it, simply run the command below to update your system to the latest stable version.
sudo apt update && sudo apt upgradeCode language: Bash (bash)For more in-depth information on all the changes in Debian 13.2, see the release announcement. A comprehensive list of all packages that have received updates is available here.
Debian 13.2 netinst ISO images are available for download here. They offer a base system perfect for servers or users who prefer to customize the installation to suit their needs. It supports nine architectures: amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, and s390x.
For a more ready-to-use experience, the new release also provides Live images featuring pre-installed desktop environments like GNOME, KDE, LXDE, Xfce, Cinnamon, and MATE. Please note that they are available only for the AMD64 architecture.
Finally, consider enabling automatic security updates to receive future patches without delay if you haven’t already done so. If you’re unsure how to do it, our guide will have you up and running in no time.
