Debian 13.4 Released with Security Fixes and Stability Updates

More than two months after the previous 13.3 update, the Debian Project has released Debian 13.4, the fourth update in the stable “Trixie” series. This release mainly focuses on collecting previously issued fixes for security vulnerabilities and major bugs affecting a wide range of packages.

For users who regularly install updates from security.debian.org, there is usually little action required. Most of the fixes included in Debian 13.4 have already been delivered through earlier security updates, and this point release simply gathers them into a single refreshed release image.

The update includes bug fixes across numerous packages. Examples include resolving an HTTP/2-related issue in Apache HTTP Server, improvements to the BIRD Internet Routing Daemon routing software, stability fixes for Dovecot, and corrections within the dpkg package management system. Additionally, updated upstream versions of several widely used tools are included, such as MariaDB, Samba, Xen, Flatpak, OpenSSL, PostgreSQL, and QEMU.

Several core system components were also refreshed. The GNU C Library (glibc) received updates from its upstream stable branch to address security concerns and memory-related issues. This update also modifies the currency symbol used in the Bulgarian locale to the euro and resolves bugs in certain optimized functions.

Further security patches address vulnerabilities in multiple packages, including libpng, Suricata, various Python libraries, SQLite, wget2, and Wireshark. To maintain compatibility and system reliability, numerous packages were rebuilt using the updated glibc.

The release also updates the Debian Installer, which now includes fixes from the stable repository and runs on the Linux Kernel version 6.12.73.

Alongside these changes, Debian’s security team published a significant number of advisories addressing vulnerabilities in widely used applications and libraries. Updates were released for projects such as Chromium, Firefox ESR, Mozilla Thunderbird, OpenJDK, ImageMagick, NGINX, PostgreSQL, and BIND9, among others.

Like other point releases in the stable series, Debian 13.4 does not introduce new features to the Trixie release. Instead, it focuses entirely on stability improvements, bug fixes, and security patches.

Users already running Debian 13 can update their systems to the latest state by executing:

sudo apt update && sudo apt upgrade

For those planning a new installation, updated netinst ISO images for Debian 13.4 are available. These minimal installers provide a base system that can be customized as needed and support several architectures, including amd64, arm64, armhf, ppc64el, riscv64, and s390x.

Additionally, live installation images are provided with preconfigured desktop environments such as GNOME, KDE Plasma, LXDE, Xfce, Cinnamon, and MATE Desktop. These ready-to-use images are currently offered for the AMD64 architecture.

Finally, enabling automatic security updates is recommended so that future patches can be installed automatically as they become available.