Debian released version 13.4 of its stable distribution on 2026-03-14, patching security issues across more than 100 packages in the Trixie release. The point release addresses critical vulnerabilities in core system components including glibc, the Linux kernel, OpenSSH, and PostgreSQL, along with fixes for web browsers Firefox and Chromium.
The glibc update resolves heap corruption (CVE-2026-0861), stack contents leaks (CVE-2026-0915), and uninitialized memory issues (CVE-2025-15281), while also switching Bulgaria's currency symbol to the euro. OpenSSH patches close two code execution vulnerabilities (CVE-2025-61984, CVE-2025-61985) and fixes process tracking issues with MaxStartups. The Linux kernel update bumps the ABI to 6.12.73 and addresses multiple security concerns flagged in DSA-6126 and DSA-6141.
Other significant fixes include PostgreSQL 17 buffer overrun protection (CVE-2026-2006), MariaDB arbitrary code execution patches (CVE-2025-13699), and denial of service mitigations in QEMU, Suricata, and Wireshark. The update also resolves ZFS root identification problems in GRUB bootloaders across amd64, arm64, and ia32 platforms, along with networking fixes for ifupdown's IPv6 DAD handling and chrony's refclock compatibility with newer kernels.
Users running Debian 13 can upgrade to this revision by pointing their package manager at any Debian mirror. The updated Debian installer incorporates all fixes from this point release, though existing installations do not need to reinstall media as packages update to current versions automatically.
