How to patch Debian

Q: How do I check which version of Debian I am running?

Use: cat /etc/debian_version —or— lsb_release -a (Terminal). Record the result before and after patching to confirm the update applied.

Debian · Operating System · 5 steps · Debian security status → · updated June 2026

Debian security fixes arrive through apt from the security suite, tracked as Debian Security Advisories (DSA). Apply them regularly, reboot when the kernel changes, and move off releases once they reach end-of-life.

actively exploited (KEV)

2,000

tracked CVEs

13.5

latest supported

Debian has 18 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent.

Check your current version first

Before you patch, record what you're running (Terminal):

cat /etc/debian_version   —or—   lsb_release -a

Or paste your version into the checker for an instant verdict.

Step by step

Check your release

Run lsb_release -a to confirm which Debian release (and codename) you are on.

Apply security updates

Run sudo apt update && sudo apt upgrade (use full-upgrade if packages need adding/removing). Enable unattended-upgrades to automate security patches.

Reboot if required

If the kernel or libc updated, reboot — check for /var/run/reboot-required.

Upgrade the release when needed

For a major upgrade, point sources.list at the new codename and run apt full-upgrade, following the official Debian release notes.

Cover end-of-life releases

When a release leaves "oldstable", it moves to Debian LTS and then end-of-life — plan to upgrade before fixes stop.

Watch out for:

A patched kernel only protects you after a reboot — do not skip it.
Track DSAs; past-EOL Debian releases stop receiving security fixes.

Official sources

Advisory: Debian Security Advisories (DSA) ↗
Download: Debian releases ↗

Don't patch blind. Debian has 18 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent. See exactly which versions are safe and what you're exposed to.

Debian security status →

Stay ahead of the next one

Debian security status & health score — score, open CVEs and safe version.
Debian vulnerabilities — the full CVE list and what's exploited.
Debian end-of-life dates — don't run a release that's stopped getting fixes.
Monitor Debian — get an email alert the moment a new exploited vulnerability lands.

Frequently asked questions

What is the latest version of Debian?

As of June 2026, the latest supported Debian release we track is 13.5. Patch to the current release on your branch and confirm the version after updating.

How do I check which version of Debian I am running?

Use: cat /etc/debian_version —or— lsb_release -a (Terminal). Record the result before and after patching to confirm the update applied.

Is Debian being actively exploited right now?

Yes — 18 Debian vulnerabilities are on the CISA Known Exploited Vulnerabilities (KEV) list, so attackers are using them in the wild. Patch promptly. See the exploitation radar.

How do I patch Debian safely without breaking production?

Always test in a non-production environment first, take a backup or snapshot, follow the official vendor advisory, and have a tested rollback. Patch one node at a time for clustered or high-availability setups.

Patch steps are general, well-established guidance for Debian — always test in a non-production environment first and follow the official Debian advisory for your exact version. IsItPatched is independent and not affiliated with Debian; this is not a substitute for vendor documentation. See our disclaimer.

← All patching guides · Security guides →