Debian 12.7 Release: Security Updates, UEFI Shim Changes, and Upgrade Instructions

The Debian project recently released Debian 12.7, the newest update in the "Bookworm" series, primarily delivering vulnerability fixes and security patches.

Important Updates and Impact

UEFI Boot Changes: Shim 15.8 – Debian 12.7 introduces Shim 15.8, a simple bootloader for UEFI systems. This may affect dual‑boot users with Secure Boot enabled, as the new version revokes the signature of the previous Shim, potentially preventing boot in Secure Boot mode. Users can temporarily disable Secure Boot, apply the update, and re‑enable it.

Security Enhancements: Microcode Updates – The update strengthens the amd64-microcode and intel-microcode packages, fixing recently discovered processor vulnerabilities.

Other Key Security Updates

Debian 12.7 also updates Ansible and Apache2 to mitigate key‑leak and content‑leak risks, respectively. Additional component fixes include Calibre (remote execution and XSS vulnerabilities) and systemd (hardware compatibility, performance, and stability improvements).

How to Upgrade to Debian 12.7

Since Debian 12.7 does not introduce new features, users of Debian 12 can upgrade with the following command:

sudo apt update && sudo apt upgrade

The release announcement lists detailed changes, and the full package list is available on the official Debian page.

Older Release Update: Debian 11

Debian 11 "Bullseye", now marked as "oldstable", has been updated to version 11.11, fixing 50 vulnerabilities and providing 27 security updates for packages such as Plasma Desktop, Firefox ESR, LibreOffice, Exim, OpenJDK, FFmpeg, PostgreSQL, NVIDIA, and libvirt. Users are encouraged to upgrade promptly.

Summary

Debian 12.7 brings essential security patches and fixes that enhance system safety and stability. Updating promptly protects against known vulnerabilities, and users moving from Debian 11 to Debian 12 should follow the official upgrade guide for a smooth transition.