The Debian Project has announced Debian 13.5, the fifth point release in the Debian 13 “Trixie” series, consolidating corrections for security vulnerabilities and serious functional issues across a wide range of packages.
If you’ve been keeping your system updated through security.debian.org, there’s not much to do with this release, because most of the fixes were already included in earlier updates. 13.5 just brings them together in one place.
Debian 13.5 includes updates for Apache, OpenSSH, Nginx, glibc, systemd, sudo, Python 3.13, FreeRDP, Exim, jq, X.Org Server, Curl, rsync, Firewalld, bubblewrap, libarchive, libcap2, Nano, and additional packages.
The Apache update resolves several security issues, such as use-after-free, privilege escalation, authentication bypass, NULL pointer dereference, HTTP response splitting, and out-of-bounds read vulnerabilities. OpenSSH receives fixes for scp, command execution, key algorithm handling, ProxyJump, and authorized_keys principal handling.
This point release also updates systemd to a new upstream stable version (257.13), addressing code execution flaws and an nspawn escape-to-host vulnerability. The glibc update fixes DNS response handling, invalid DNS hostname returns, an assertion failure, and other library issues.
In addition to package fixes, Debian’s Security Team has also included numerous security advisories in this revision, covering packages such as Firefox ESR, Thunderbird, Chromium, OpenSSL, Linux, Node.js, WebKitGTK, ImageMagick, OpenJDK, LibreOffice, Exim, Apache, Wireshark, Tor, BIND9, and others.
Once again, Debian 13.5 doesn’t add any new features to the “Trixie” release. It’s all about fixing bugs and addressing security issues in certain packages. If you’re already using it, simply run the command below to update your system to the latest stable version.
sudo apt update && sudo apt upgradeCode language: Bash (bash)For more in-depth information on all the changes in Debian 13.5, see the release announcement. A comprehensive list of all packages that have received updates is available here.
If you are planning a fresh install, Debian 13.5 netinst ISO images are available for download here. They offer a base system ideal for servers or users who want to customize the installation to their needs, with support for six architectures: amd64, arm64, armhf, ppc64el, riscv64, and s390x.
For a ready-to-use experience, the new release also provides Live images with pre-installed desktop environments: GNOME, KDE, LXDE, Xfce, Cinnamon, and MATE. These are available only for the AMD64 architecture.
Finally, consider enabling automatic security updates to receive future patches without delay if you haven’t already. If you’re unsure how, our guide will have you up and running in no time.
