Debian 13 Released With Security Updates, Bug Fixes and Driver Updates

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Spread the love

The Debian Project has released Debian 13.6, the latest maintenance update for Debian 13 “trixie.” The point release focuses on security corrections and fixes for serious software issues across the operating system’s package collection.

Debian 13.6 is not a new major version of the distribution. Users do not need to reinstall the operating system or download new installation media to receive the changes.

Systems already running Debian 13 can obtain the updated packages through Debian’s regular package repositories and mirrors.

The update includes fixes for vulnerabilities affecting widely deployed components such as Apache HTTP Server, curl, QEMU, OpenSSL, Linux, Samba, nginx, PostgreSQL, Firefox ESR, Chromium, Thunderbird, rsync, Wireshark, and ImageMagick.

These updates address a broad range of flaws, including memory corruption, buffer overflows, use-after-free bugs, denial-of-service conditions, cross-site scripting, server-side request forgery, path traversal, credential leaks, and command injection.

Apache received multiple security fixes, including patches for use-after-free, buffer overflow, out-of-bounds read, file-read, denial-of-service, and cross-site scripting vulnerabilities.

Curl updates address several issues involving credential handling during redirects, stale cookie exposure, SMB-related memory safety bugs, and unsafe connection reuse.

QEMU also received a large collection of security fixes, making the update significant for virtualization hosts and infrastructure environments.

Debian 13.6 Released

A major change in Debian 13.6 involves the Secure Boot certificate transition. The bundled fwupd package has been upgraded to upstream version 2.0.20, enabling updates to the UEFI Secure Boot certificate authority, Key Exchange Key, and revocation database.

Debian warned that the UEFI Secure Boot CA from 2013, used to sign bootloaders on many systems, has expired.

Future shim-signed updates could prevent affected devices from booting when Secure Boot remains enabled unless users apply updated CA, KEK, and DBX data supplied by their hardware manufacturer.

Debian advises administrators to follow its Secure Boot CA transition guidance and obtain the required firmware updates from their OEM.

The release also updates shim, shim-signed, and signed helper packages to improve compatibility with the 2023 Microsoft UEFI Certificate Authority.

Kernel and installer packages were rebuilt with Linux ABI 6.12.94 + deb 13, while wireless-regdb received newer regulatory information for several countries. These updates can improve hardware support, wireless device behavior, and installation reliability.

Debian also reverted geoip-database to an approximately December 2019 version because newer GeoLite database releases cannot be distributed under the Debian Free Software Guidelines.

Applications relying on geolocation data may therefore use outdated IP allocation records. Organizations needing current data should obtain a GeoLite license directly from the provider.

New Debian 13.6 installation images will be published through Debian’s standard download locations. Users can upgrade an existing system by refreshing repository metadata and applying available upgrades: sudo apt update && sudo apt full-upgrade .

 Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.