Debian GNU/Linux 13.4 is the fourth point release of the stable trixie distribution designed to address security issues and package corrections rather than introducing new features. This update resolves multiple critical vulnerabilities including CVE issues in packages like openssl, linux, and apache2 while updating glibc to handle heap corruption and memory leaks. Administrators can upgrade existing installations via HTTP mirrors or security.debian.org without discarding old media because most updates are bundled within this revision. New installation images and an updated Debian installer will be available soon to incorporate the necessary fixes for the stable distribution.

Debian GNU/Linux 13.4 Point Release: Security Fixes and Package Updates Delivered

The fourth point release of Debian GNU/Linux 13 (Trixie) is now available. The primary changes involve security advisories published separately and package corrections for serious issues including CVE vulnerabilities in multiple packages. Administrators managing systems that update from security.debian.org regularly can expect fewer manual upgrades since most updates are bundled within this revision.

What Changed Under the Hood

The point release does not constitute a new version of Debian 13 but only updates some of the packages included. A comprehensive list of mirrors is available at https://www.debian.org/mirror/list for those upgrading existing installations by pointing the package management system there. Notable corrections address Apache HTTP/2 regression issues, buffer overflow problems in arduino-core-avr with CVE-2025-69209, and denial of service vulnerabilities in packages like civetweb with CVE-2025-9648 and CVE-2025-55763. The glibc package received updates fixing heap corruption issues CVE-2026-0861 and stack contents leaks CVE-2026-0915 among other concerns.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. After installation, packages can be upgraded to current versions using an up-to-date Debian mirror without throwing away old trixie media. Users who frequently install updates from security.debian.org won't have to update many packages and most such updates are included in the point release. Security Team has already released advisories for each of these updates under identifiers ranging from DSA-6054 through DSA-6157.

New Installation Images Coming Soon

New installation images will be available soon at regular locations including the Debian Installer which has been updated to include fixes incorporated into stable by the point release. The current stable distribution points to https://deb.debian.org/debian/dists/stable and proposed updates are accessible via https://deb.debian.org/debian/dists/proposed-updates. A full list of changed packages can be found at https://deb.debian.org/debian/dists/trixie/ChangeLog for those needing granular details about specific package modifications.

This release ensures systems stay protected against vulnerabilities while keeping the stable distribution current without requiring complete reinstallations or major version jumps.