The Debian Project has released an update for its "oldstable" distribution, Debian GNU/Linux 12 (Bookworm), which primarily addresses security fixes and patches for various important packages. This point release, Debian 12.13, does not introduce a new version of Bookworm but instead updates the existing software components on users' systems, making it easy to upgrade using an updated Debian mirror. The update includes smaller tweaks and bug fixes across different packages, with a focus on security, particularly for widely used code in Chromium, Firefox-ESR, and OpenSSL.

Debian GNU/Linux 12.13 released

The Debian Project released an update for its "oldstable" distribution, Debian GNU/Linux 12 (Bookworm). This thirteenth point release mainly tackles security fixes and patches for some important packages where problems had recently come up.

It's crucial to know this update doesn't mean a new version of Bookworm is out; it just updates the existing software components in place. Therefore, if you have already installed Debian 12, it won't impact your installation media. Simply upgrade your system by directing your package manager to an updated Debian mirror and allowing it to retrieve the most recent versions.

These kinds of point releases are helpful for users who keep their system current through security.debian.org specifically because many updates from that source have been folded into this release. New install images will follow, typically available soon via the standard distribution channels, but upgrading your existing setup should be straightforward too, just switch to one of Debian's mirrors.

Beyond the core updates, there are plenty of smaller tweaks and bug fixes spread across different packages. Packages like allow-html-temp now support newer Thunderbird versions, while angular.js has patches for several security issues identified as CVE-2022-25844, CVE-2023-26116, CVE-2023-26117, and CVE-2023-26118. Other fixes cover things like denial of service risks or issues with improperly handling input.

But the standout thing here is security itself. Many packages got focused updates precisely because they contain widely used code that needs to stay safe. The Debian Security Team provided detailed advisories for all these major changes, covering popular applications and libraries including Chromium, Firefox-ESR, and OpenSSL, just two examples, really driving home the project's dedication to keeping its users protected.

Some software isn't getting a spotlight treatment, though; packages like ClamAV have been removed due to specific problems. These issues include lack of support on certain architectures (like armel or mipsel) or other security considerations tied to that architecture's support dropping off.

Debian also made improvements specifically within the installer itself, incorporating those same fixes from this release. For a full rundown of every single change, head over to the Debian ChangeLog; it's usually pretty thorough with all the details you'd need.