The Debian Project has officially announced the release of Debian 13.5, the fifth point update to its current stable distribution codenamed “Trixie.” Released on May 16, 2026 — roughly two months after Debian 13.4 — this maintenance update consolidates security patches, bug fixes, and installer improvements into a single refreshed installation image.

As with all Debian point releases, version 13.5 does not constitute an entirely new operating system release. Users who have been keeping their systems updated through security.debian.org will already have received most of these fixes automatically and require no special action. The primary value of a point release is for new installations: fresh media now includes all accumulated fixes, eliminating the need to download hundreds of update packages immediately after setup.

144 Bug Fixes
103 Security Updates
6.12 Kernel LTS Series

🔐 Security Fixes and Kernel Patches

The centerpiece of this release is its security scope. Debian 13.5 ships 103 security advisories alongside 144 miscellaneous bug fixes. Among the most significant are new Linux kernel patches targeting three notable vulnerabilities: Copy Fail, Dirty Frag, and ssh-keysign-pwn. Beyond the kernel, the release addresses a privilege escalation flaw in Bubblewrap, a code execution vulnerability in Cockpit, buffer overflows across multiple packages, an overly broad permission issue in the nano text editor, denial-of-service issues in various PHP components, and a range of X.Org Server security fixes.

Users who regularly apply updates via security.debian.org are already protected — this point release is primarily a consolidated checkpoint for fresh deployments and updated installation media.

📦 Core Package Updates

A wide sweep of system components received updates. Highlights include:

  • Apache
  • OpenSSH
  • nginx
  • glibc
  • systemd
  • sudo
  • Python 3.13
  • FreeRDP
  • Exim
  • curl
  • rsync
  • firewalld
  • nano
  • X.Org Server
  • Firefox ESR
  • Thunderbird
  • Chromium
  • LibreOffice
  • OpenSSL
  • Wireshark
  • Tor
  • jq
  • libarchive

The Apache web server update addresses multiple serious issues including use-after-free bugs, privilege escalation paths, authentication bypass, null pointer dereferences, HTTP response splitting, and out-of-bounds read vulnerabilities. OpenSSH patches cover problems in scp behavior, command execution handling, key algorithm processing, ProxyJump logic, and authorized_keys parsing. Systemd has been updated to a new stable build that fixes a code execution vulnerability and a container escape in nspawn environments. The glibc update improves DNS response handling and corrects assertion failures under edge cases with invalid hostnames.

Additionally, a number of packages received updates specifically for improved Python 3.13 compatibility, and a bug causing illegal CPU instructions on RISC-V 64-bit systems when using GRUB EFI was resolved.

One notable removal: the dav4tbsync package has been dropped from the archive, as its CalDAV/CardDAV sync functionality is now natively integrated into Thunderbird 140.

💿 Installer and Live Images

The Debian installer has been updated to integrate all fixes from this release. It now ships with Linux ABI version 6.12.86+deb13. Live images continue to offer a broad selection of desktop environments for users who want an out-of-the-box graphical experience:

KDE Plasma6.3.6
GNOME48
Xfce4.20
Cinnamon6.4.10
LXQt2.1
MATE1.26.1
LXDE0.11.1
IceWM“Junior” edition

The newly added “Junior” variant features the lightweight IceWM window manager, expanding the options available for minimal or older-hardware deployments. Live images target 64-bit (AMD64) systems.

🌍 Supported Architectures

Full installation images support the following architectures:

amd64 arm64 armhf ppc64el s390x riscv64

Note: i386 (32-bit x86) no longer has a dedicated installer in Debian 13. 32-bit support exists only as a co-architecture for running legacy 32-bit software on 64-bit amd64 systems.

🔄 How to Upgrade

Existing Debian 13 users can upgrade to 13.5 with a standard APT command:

sudo apt update && sudo apt full-upgrade

To verify your current Debian version after upgrading:

cat /etc/debian_version
13.5

Graphical package managers such as Synaptic can also perform the upgrade for users who prefer a GUI workflow. New installation media will be available shortly at the standard Debian download locations.

Debian 13.5 exemplifies the project’s reliability-first philosophy: no headline new features, but a significant accumulation of security hardening and stability work delivered on a predictable cadence. For those deploying fresh systems, the updated ISO is now the recommended starting point. For existing users, keeping the system regularly updated remains all that is needed to stay current.

Debian 13 “Trixie” is supported until August 9, 2028, with an additional two years of Long Term Support (LTS) through June 30, 2030.