Debian Linux 13.6 is here with a serious Secure Boot warning you should not ignore

Debian 13.6 is now available, bringing a long list of security fixes, bug corrections, and updated packages to the stable Debian 13 “trixie” Linux distribution.

This is not a brand-new version of Debian, obviously, so existing users do not need to reinstall the operating system or replace their installation media. A normal system update using an up-to-date Debian mirror should be enough to get everything included in this point release.

The biggest issue here involves Secure Boot, and it is worth paying attention to. Seriously, folks, pay attention.

You see, Debian has updated fwupd to version 2.0.20, adding support for updating the Secure Boot certificate authority, Key Exchange Key, and DBX revocation databases. This is necessary because the 2013 Microsoft UEFI Secure Boot certificate authority installed on many PCs has now expired.

According to Debian, future updates to shim-signed could potentially leave some computers unable to boot with Secure Boot enabled. Users are being urged to install any available CA, KEK, and DBX updates provided by their computer manufacturer.

That sounds more serious than the usual point-release housekeeping. Anyone running Debian Linux with Secure Boot enabled should probably check for firmware updates before casually clicking through future shim updates.

Debian 13.6 also makes a less welcome change to the geoip-database package. Due to licensing restrictions, Debian has reverted it to a version containing location data from around December 2019.

That means software relying on the included database may produce outdated or inaccurate geographic information. Debian says newer GeoLite data does not comply with the Debian Free Software Guidelines, so users needing current information are encouraged to obtain a GeoLite license directly.

Beyond those two changes, Debian 13.6 includes a huge collection of fixes for packages such as Apache, curl, Calibre, GIMP, Mesa, QEMU, Samba, Wireshark, xz-utils, Python, LibreOffice, Chromium, Firefox ESR, Thunderbird, nginx, Redis, OpenVPN, and OpenSSL.

New Debian 13.6 installation images should be available soon, but current Debian 13 users can simply install the latest updates.

Debian point releases are usually boring, which is exactly how many Linux users like them. Debian 13.6 mostly cleans up security problems and serious bugs without changing the overall experience. Still, the Secure Boot warning is not something users should ignore.

Support independent tech journalism

NERDS.xyz is independently owned and operated. If you enjoy my coverage of Linux, AI, hardware, cybersecurity, and tech culture, consider supporting the site on Ko-fi.

Support NERDS.xyz
Avatar of Brian Fagioli
Written by

Brian Fagioli

Technology journalist and founder of NERDS.xyz

Brian Fagioli is a technology journalist and founder of NERDS.xyz. A former BetaNews writer, he has spent over a decade covering Linux, hardware, software, cybersecurity, and AI with a no nonsense approach for real nerds.

Leave a Comment