Updated Debian 13: 13.4 released
14 March 2026
The Debian project is pleased to announce the fourth update of its
stable distribution Debian 13 (codename "trixie").
This point release mainly adds corrections for security issues,
along with further corrections for serious problems. Security advisories
have already been published separately and are referenced where available.
Please note that the point release does not constitute a new version of Debian
13 but only updates some of the packages included. There is no need
to throw away old "trixie" media. After installation,
packages can be upgraded to the current versions using an up-to-date
Debian mirror.
Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.
New installation images will be available soon at the regular locations.
Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:
Miscellaneous Bugfixes
This stable update adds a few important corrections to the following packages:
| Package | Reason |
|---|---|
| akonadi | Show all folders in kmail |
| apache2 | Fix HTTP/2 regression |
| arduino-core-avr | New upstream stable release; fix buffer overflow issue [CVE-2025-69209] |
| asahi-scripts | Fix SD card reader autosuspend |
| augeas | Fix null pointer dereference issue [CVE-2025-2588] |
| base-files | Update for the point release |
| bash | Rebuild with updated glibc |
| bglibs | Rebuild with updated glibc |
| bird2 | Use Restart=on-abnormal instead of on-abort; RAdv: Fix flags for deprecated prefixes; BMP: Fix crash when exporting a route with non-bgp attributes; ASPA check fix for AS_SET |
| brltty | Fix taking the VT number from the chosen session |
| busybox | Rebuild with updated glibc |
| capstone | New upstream stable release; fix buffer overflow issue [CVE-2025-67873]; fix buffer underflow and overflow issue [CVE-2025-68114] |
| catatonit | Rebuild with updated glibc |
| cdebootstrap | Rebuild with updated glibc |
| chkrootkit | Rebuild with updated glibc |
| chrony | Open refclock writeable to maintain compatibility with newer kernels |
| civetweb | Fix denial of service issue [CVE-2025-9648]; fix buffer overflow issue [CVE-2025-55763] |
| ckb-next | Fix init script installation and initialisation; ensure cryptographic verification of firmware updates |
| clatd | Fix systemd unit installation; correct NetworkManager dispatcher install path; provide example configuration; ensure obsolete dispatcher script is removed on upgrade |
| condor | Rebuild with updated glibc |
| dar | Rebuild with updated glibc and openssl |
| debian-installer | Increase Linux kernel ABI to 6.12.73+deb13; rebuild against proposed updates |
| debian-installer-netboot-images | Rebuild against proposed-updates |
| debian-ports-archive-keyring | Add Debian Ports Archive Automatic Signing Key (2027); move 2025 signing key to the removed keys keyring |
| debsig-verify | Rebuild with updated dpkg |
| debvm | Only use the console in nographics mode; use correct variable name; autologin: prefer credentials to monkey patching unit; customize-resolved.sh: explicitly install systemd-resolved |
| deets | Rebuild with updated dpkg |
| direwolf | Fix stack buffer overflow [CVE-2025-34457] |
| distribution-gpg-keys | Update included keys |
| distrobuilder | Rebuild with updated incus |
| docker.io | Rebuild with updated glibc |
| dovecot | Fix possible crash in ldap userdb; fix crash in trash plugin; fix segfault when group ACLs are present but the user has no groups |
| dpkg | dpkg-query: Fix segfault with empty -S argument; Dpkg::OpenPGP: Do not run verify with no keyrings; Dpkg::Shlibs::Objdump::Object: Add support for Version References symbols; Dpkg::OpenPGP::Backend::GnuPG: Add missing Dpkg::Gettext import; fix denial of service issue [CVE-2026-2219] |
| e2fsprogs | Rebuild with updated glibc |
| ejabberd | Remove old apparmor profile file |
| ejabberd-contrib | Rebuild with updated ejabberd |
| erlang | Fix excessive resource use issues [CVE-2025-48038 CVE-2025-48039 CVE-2025-48040 CVE-2025-48041]; fix traffic redirection issue [CVE-2016-1000107] |
| ffmpegfs | Fix incomplete listing of files in output directory |
| flatpak | New upstream stable release |
| fluidsynth | Fix null pointer dereference issue [CVE-2025-56225] |
| fonttools | Fix arbitrary file write issue [CVE-2025-66034] |
| glibc | Update from upstream stable branch; fix heap corruption issue [CVE-2026-0861]; fix stack contents leak issue [CVE-2026-0915]; fix uninitialized memory use issue [CVE-2025-15281]; switch currency symbol for the bg_BG locale to euro; fix a null pointer dereference in symbol lookup when the symbol version hash is zero; fix various optimized functions |
| gnome-shell | Revert inadvertently backported change that can cause the Shell UI to not appear on some systems |
| gnu-efi | Fix build of UEFI binaries for armhf |
| gnuais | Fix displaying the map in gnuaisgui |
| gnupg2 | Rebuild with updated glibc |
| gpsd | Fix out-of-bounds write issue [CVE-2025-67268]; fix denial of service issue [CVE-2025-67269] |
| grub-efi-amd64-signed | Fix ZFS root identification |
| grub-efi-arm64-signed | Fix ZFS root identification |
| grub-efi-ia32-signed | Fix ZFS root identification |
| grub2 | Fix ZFS root identification |
| ifupdown | Fix IPv6 DAD handling in ifup; correct dhclient invocation ordering for IPv6; restore correct executable path detection in ifup scripts |
| integrit | Rebuild with updated glibc |
| jaraco.context | Prevent path traversal [CVE-2026-23949] |
| libcap2 | Rebuild with updated glibc |
| libguestfs | Add dependency on isc-dhcp-client |
| libpng1.6 | Fix heap buffer overflow issues [CVE-2026-22801 CVE-2026-22695] |
| libsndfile | Fix memory leak issue [CVE-2025-56226] |
| linux-base | Use compatible hook dir names for headers packages |
| lxc | Fix data corruption during heavy IO on PTS; update lxc-default-with-nesting apparmor profile; rebuild with updated glibc |
| mariadb | New upstream stable release; fix arbitrary code execution issue [CVE-2025-13699]; fix denial of service issue [CVE-2026-21968]; use tmpfiles.d to generate runtime directory; fix upgrades from version 10.4 when encryption is enabled; fix innodb_linux_aio support |
| mpg123 | Do not modify raw ID3v2 data while parsing |
| node-proxy-agents | Fix path traversal issue [CVE-2026-27699] |
| open-iscsi | Fix discovery of staticnodes |
| openssh | Fix mistracking of MaxStartups process exits in some situations; fix possible code execution issues [CVE-2025-61984 CVE-2025-61985] |
| openssl | New upstream stable release |
| passt | Increase AppArmor ABI version to 4.0 to enable user namespace creation |
| pcsx2 | Fix code execution issue [CVE-2025-49589] |
| pdudaemon | Add missing dependency on setuputils |
| phpunit | Fix unsafe deserialization issue [CVE-2026-24765] |
| plastimatch | Repack to exclude non-free source files |
| policyd-rate-limit | Fix operation with Python >= 3.12 |
| postgresql-17 | New upstream stable release; fix buffer overrun issue [CVE-2026-2006] |
| python-cryptography | Fix missing validation in EC public key creation [CVE-2026-26007] |
| python-filelock | Fix TOCTOU symlink handling vulnerability in lock file creation [CVE-2025-68146] |
| python-multipart | Fix arbitrary file write issue [CVE-2026-24486] |
| python-os-ken | Accept empty OXM fields |
| python-pyspnego | Fix deprecation warnings |
| qemu | New upstream stable release; fix denial of service issues [CVE-2025-14876 CVE-2026-0665] |
| qtbase-opensource-src | Fix data races; X11: set fallback logical DPI to 96, fixing incorrect calculation |
| reprepro | Fix incorrect tracking data when copying packages |
| requests | Fix credential leak issue [CVE-2024-47081] |
| riseup-vpn | Support additional polkit providers |
| runit-services | Slim: start in foreground with -n; dbus-dep.fixer: correctly test for existing services definitions, only start dbus services, even with the sysv override |
| rust-ntp-proto | Fix excessive load issue [CVE-2026-26076] |
| rust-ntpd | Rebuild with rust-ntp-proto 1.4.0-4+deb13u1 to fix CVE-2026-26076 |
| rust-tealdeer | Update archive URL |
| samba | New upstream stable release |
| sash | Rebuild with updated glibc |
| scilab | Fix build failure |
| snapd | Rebuild with updated glibc |
| sqlite3 | Prevent integer overflow in FTS5 extension [CVE-2025-7709]; add missing build dependency on pkgconf |
| starlette | Fix denial of service issue [CVE-2025-62727] |
| sudo | Only enable Intel CET on amd64; fix regression with sudoers.d filenames containing colons |
| suricata | Fix denial of service issues [CVE-2026-22258 CVE-2026-22259 CVE-2026-22261]; fix stack overflow issue [CVE-2026-22262]; fix heap overflow issue [CVE-2026-22264] |
| tayga | Fix EAM mapping for host addresses |
| tini | Rebuild with updated glibc |
| torsocks | Use correct environment variable; explicitly trigger ldconfig trigger |
| tripwire | Rebuild with updated glibc |
| tsocks | Rebuild with updated glibc |
| tzdata | New upstream release; Moldova has used EU transition times since 2022 |
| uglifyjs | Fix test failure |
| units | Update URLs to packetizer.com |
| user-mode-linux | Rebuild with updated linux |
| wget2 | Fix file overwrite issue with metalink [CVE-2025-69194]; fix remote buffer overflow [CVE-2025-69195] |
| wireless-regdb | New upstream stable release; update regulatory information for several countries |
| wireshark | New upstream stable release; fix USB HID dissector memory exhaustion [CVE-2026-3201]; fix RF4CE Profile dissector crash [CVE-2026-3203] |
| xen | New upstream stable release; fix buffer overrun issue [CVE-2025-58150]; fix incomplete vCPU isolation issue [CVE-2026-23553] |
| zabbix | New upstream stable release; fix data leakage issues [CVE-2025-27231 CVE-2025-27233 CVE-2025-27236 CVE-2025-27238 CVE-2025-49641]; fix denial of service issue [CVE-2025-49643] |
| zookeeper | Fix build failure by skipping some flaky tests |
| zsh | Rebuild with updated glibc |
Security Updates
This revision adds the following security updates to the stable release. The Security Team has already released advisories for all of these updates:
Debian Installer
The installer has been updated to include the fixes incorporated into the stable release by this point release.
URLs
The complete list of packages that have changed with this revision:
The current stable distribution:
Proposed updates to the stable distribution:
Stable distribution information (release notes, known issues, etc.):
Security announcements and information:
About Debian
The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.
Contact Information
For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.
