Updated Debian 13: 13.4 released

14 March 2026

The Debian project is pleased to announce the fourth update of its stable distribution Debian 13 (codename trixie). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where necessary.

Please note that the point release does not constitute a new version of Debian 13 but only updates some of the packages already included. There is no need to throw away old trixie media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

New installation images will be available soon at the regular locations.

Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

https://www.debian.org/mirror/list

Miscellaneous bug fixes

This stable update adds a few important corrections to the following packages:

Package Reason
akonadi Show all folders in kmail
apache2 Fix HTTP/2 regression
arduino-core-avr New upstream stable release; fix buffer overflow issue [CVE-2025-69209]
asahi-scripts Fix SD card reader autosuspend
augeas Fix null pointer dereference issue [CVE-2025-2588]
base-files Update for the point release
bash Rebuild with updated glibc
bglibs Rebuild with updated glibc
bird2 Use Restart=on-abnormal instead of on-abort; RAdv: Fix flags for deprecated prefixes; BMP: Fix crash when exporting a route with non-bgp attributes; ASPA check fix for AS_SET
brltty Fix taking the VT number from the chosen session
busybox Rebuild with updated glibc
capstone New upstream stable release; fix buffer overflow issue [CVE-2025-67873]; fix buffer underflow and overflow issue [CVE-2025-68114]
catatonit Rebuild with updated glibc
cdebootstrap Rebuild with updated glibc
chkrootkit Rebuild with updated glibc
chrony Open refclock writeable to maintain compatibility with newer kernels
civetweb Fix denial of service issue [CVE-2025-9648]; fix buffer overflow issue [CVE-2025-55763]
ckb-next Fix init script installation and initialisation; ensure cryptographic verification of firmware updates
clatd Fix systemd unit installation; correct NetworkManager dispatcher install path; provide example configuration; ensure obsolete dispatcher script is removed on upgrade
condor Rebuild with updated glibc
dar Rebuild with updated glibc and openssl
debian-installer Increase Linux kernel ABI to 6.12.73+deb13; rebuild against proposed updates
debian-installer-netboot-images Rebuild against proposed-updates
debian-ports-archive-keyring Add Debian Ports Archive Automatic Signing Key (2027); move 2025 signing key to the removed keys keyring
debsig-verify Rebuild with updated dpkg
debvm Only use the console in nographics mode; use correct variable name; autologin: prefer credentials to monkey patching unit; customize-resolved.sh: explicitly install systemd-resolved
deets Rebuild with updated dpkg
direwolf Fix stack buffer overflow [CVE-2025-34457]
distribution-gpg-keys Update included keys
distrobuilder Rebuild with updated incus
docker.io Rebuild with updated glibc
dovecot Fix possible crash in ldap userdb; fix crash in trash plugin; fix segfault when group ACLs are present but the user has no groups
dpkg dpkg-query: Fix segfault with empty -S argument; Dpkg::OpenPGP: Do not run verify with no keyrings; Dpkg::Shlibs::Objdump::Object: Add support for Version References symbols; Dpkg::OpenPGP::Backend::GnuPG: Add missing Dpkg::Gettext import; fix denial of service issue [CVE-2026-2219]
e2fsprogs Rebuild with updated glibc
ejabberd Remove old apparmor profile file
ejabberd-contrib Rebuild with updated ejabberd
erlang Fix excessive resource use issues [CVE-2025-48038 CVE-2025-48039 CVE-2025-48040 CVE-2025-48041]; fix traffic redirection issue [CVE-2016-1000107]
ffmpegfs Fix incomplete listing of files in output directory
flatpak New upstream stable release
fluidsynth Fix null pointer dereference issue [CVE-2025-56225]
fonttools Fix arbitrary file write issue [CVE-2025-66034]
glibc Update from upstream stable branch; fix heap corruption issue [CVE-2026-0861]; fix stack contents leak issue [CVE-2026-0915]; fix uninitialized memory use issue [CVE-2025-15281]; switch currency symbol for the bg_BG locale to euro; fix a null pointer dereference in symbol lookup when the symbol version hash is zero; fix various optimized functions
gnome-shell Revert inadvertently backported change that can cause the Shell UI to not appear on some systems
gnu-efi Fix build of UEFI binaries for armhf
gnuais Fix displaying the map in gnuaisgui
gnupg2 Rebuild with updated glibc
gpsd Fix out-of-bounds write issue [CVE-2025-67268]; fix denial of service issue [CVE-2025-67269]
grub-efi-amd64-signed Fix ZFS root identification
grub-efi-arm64-signed Fix ZFS root identification
grub-efi-ia32-signed Fix ZFS root identification
grub2 Fix ZFS root identification
ifupdown Fix IPv6 DAD handling in ifup; correct dhclient invocation ordering for IPv6; restore correct executable path detection in ifup scripts
integrit Rebuild with updated glibc
jaraco.context Prevent path traversal [CVE-2026-23949]
libcap2 Rebuild with updated glibc
libguestfs Add dependency on isc-dhcp-client
libpng1.6 Fix heap buffer overflow issues [CVE-2026-22801 CVE-2026-22695]
libsndfile Fix memory leak issue [CVE-2025-56226]
linux-base Use compatible hook dir names for headers packages
lxc Fix data corruption during heavy IO on PTS; update lxc-default-with-nesting apparmor profile; rebuild with updated glibc
mariadb New upstream stable release; fix arbitrary code execution issue [CVE-2025-13699]; fix denial of service issue [CVE-2026-21968]; use tmpfiles.d to generate runtime directory; fix upgrades from version 10.4 when encryption is enabled; fix innodb_linux_aio support
mpg123 Do not modify raw ID3v2 data while parsing
node-proxy-agents Fix path traversal issue [CVE-2026-27699]
open-iscsi Fix discovery of static nodes
openssh Fix mistracking of MaxStartups process exits in some situations; fix possible code execution issues [CVE-2025-61984 CVE-2025-61985]
openssl New upstream stable release
passt Increase AppArmor ABI version to 4.0 to enable user namespace creation
pcsx2 Fix code execution issue [CVE-2025-49589]
pdudaemon Add missing dependency on setuputils
phpunit Fix unsafe deserialization issue [CVE-2026-24765]
plastimatch Repack to exclude non-free source files
policyd-rate-limit Fix operation with Python >= 3.12
postgresql-17 New upstream stable release; fix buffer overrun issue [CVE-2026-2006]
python-cryptography Fix missing validation in EC public key creation [CVE-2026-26007]
python-filelock Fix TOCTOU symlink handling vulnerability in lock file creation [CVE-2025-68146]
python-multipart Fix arbitrary file write issue [CVE-2026-24486]
python-os-ken Accept empty OXM fields
python-pyspnego Fix deprecation warnings
qemu New upstream stable release; fix denial of service issues [CVE-2025-14876 CVE-2026-0665]
qtbase-opensource-src Fix data races; X11: set fallback logical DPI to 96, fixing incorrect calculation
reprepro Fix incorrect tracking data when copying packages
requests Fix credential leak issue [CVE-2024-47081]
riseup-vpn Support additional polkit providers
runit-services Slim: start in foreground with -n; dbus-dep.fixer: correctly test for existing services definitions, only start dbus services, even with the sysv override
rust-ntp-proto Fix excessive load issue [CVE-2026-26076]
rust-ntpd Rebuild with rust-ntp-proto 1.4.0-4+deb13u1 to fix CVE-2026-26076
rust-tealdeer Update archive URL
samba New upstream stable release
sash Rebuild with updated glibc
scilab Fix build failure
snapd Rebuild with updated glibc
sqlite3 Prevent integer overflow in FTS5 extension [CVE-2025-7709]; add missing build dependency on pkgconf
starlette Fix denial of service issue [CVE-2025-62727]
sudo Only enable Intel CET on amd64; fix regression with sudoers.d filenames containing colons
suricata Fix denial of service issues [CVE-2026-22258 CVE-2026-22259 CVE-2026-22261]; fix stack overflow issue [CVE-2026-22262]; fix heap overflow issue [CVE-2026-22264]
tayga Fix EAM mapping for host addresses
tini Rebuild with updated glibc
torsocks Use correct environment variable; explicitly trigger ldconfig trigger
tripwire Rebuild with updated glibc
tsocks Rebuild with updated glibc
tzdata New upstream release; Moldova has used EU transition times since 2022
uglifyjs Fix test failure
units Update URLs to packetizer.com
user-mode-linux Rebuild with updated linux
wget2 Fix file overwrite issue with metalink [CVE-2025-69194]; fix remote buffer overflow [CVE-2025-69195]
wireless-regdb New upstream stable release; update regulatory information for several countries
wireshark New upstream stable release; fix USB HID dissector memory exhaustion [CVE-2026-3201]; fix RF4CE Profile dissector crash [CVE-2026-3203]
xen New upstream stable release; fix buffer overrun issue [CVE-2025-58150]; fix incomplete vCPU isolation issue [CVE-2026-23553]
zabbix New upstream stable release; fix data leakage issues [CVE-2025-27231 CVE-2025-27233 CVE-2025-27236 CVE-2025-27238 CVE-2025-49641]; fix denial of service issue [CVE-2025-49643]
zookeeper Fix build failure by skipping some flaky tests
zsh Rebuild with updated glibc

Security updates

This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

Advisory ID Package
DSA-6054 firefox-esr
DSA-6078 firefox-esr
DSA-6093 gimp
DSA-6094 libsodium
DSA-6095 foomuuri
DSA-6096 vlc
DSA-6097 chromium
DSA-6098 net-snmp
DSA-6099 python-parsl
DSA-6100 chromium
DSA-6101 firefox-esr
DSA-6102 python-urllib3
DSA-6103 thunderbird
DSA-6104 python-keystonemiddleware
DSA-6105 modsecurity-crs
DSA-6106 inetutils
DSA-6107 bind9
DSA-6108 chromium
DSA-6109 incus
DSA-6111 imagemagick
DSA-6112 openjdk-21
DSA-6113 openssl
DSA-6114 pyasn1
DSA-6115 gimp
DSA-6116 chromium
DSA-6117 python-django
DSA-6118 thunderbird
DSA-6119 jtreg8
DSA-6119 openjdk-25
DSA-6120 tomcat10
DSA-6121 tomcat11
DSA-6122 chromium
DSA-6123 xrdp
DSA-6124 wireshark
DSA-6125 usbmuxd
DSA-6126 linux-signed-amd64
DSA-6126 linux-signed-arm64
DSA-6126 linux
DSA-6128 shaarli
DSA-6129 munge
DSA-6130 haproxy
DSA-6131 nginx
DSA-6133 postgresql-17
DSA-6134 pdns-recursor
DSA-6135 chromium
DSA-6137 roundcube
DSA-6138 libpng1.6
DSA-6139 gimp
DSA-6140 gnutls28
DSA-6141 linux-signed-amd64
DSA-6141 linux-signed-arm64
DSA-6141 linux
DSA-6142 gegl
DSA-6143 libvpx
DSA-6144 inetutils
DSA-6145 nova
DSA-6146 chromium
DSA-6147 pillow
DSA-6148 firefox-esr
DSA-6149 nss
DSA-6150 python-django
DSA-6151 chromium
DSA-6152 thunderbird
DSA-6153 lxd
DSA-6155 spip
DSA-6156 gimp
DSA-6157 chromium

Debian Installer

The installer has been updated to include the fixes incorporated into stable by the point release.

URLs

The complete lists of packages that have changed with this revision:

https://deb.debian.org/debian/dists/trixie/ChangeLog

The current stable distribution:

https://deb.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

https://deb.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata, etc.):

https://www.debian.org/releases/stable/

Security announcements and information:

https://www.debian.org/security/

About Debian

The Debian Project is an association of Free Software developers who volunteer their time and effort to produce the completely free operating system Debian.

Contact information

For further information, please visit the Debian web pages at https://www.debian.org/, send mail (in English) to <press@debian.org>, or contact (in English) the stable release team at <debian-release@lists.debian.org>.