The Update Conundrum
the.unknown-universe.co.uk
How a “kept back” Proxmox kernel left my home lab exposed to CVE‑2026‑31431 — why I now check upgradable packages and use apt full‑upgrade.

I’ve been running my home lab since 2021 and honestly thought my update routine was solid: apt update && apt upgrade, reboot, job done.

Turns out I was wrong. I was checking CVE‑2026‑31431 (Copy Fail) this morning and realised that despite my “successful” updates, I was still running a vulnerable kernel from March.

I’ve had to rethink how I handle host updates. If you’re relying on a standard upgrade and a reboot to keep Proxmox or Debian hosts safe, you might want to check if yours is lying to you as well.

  • paris@lemmy.blahaj.zone
    0·
    12 days ago

    The standard upgrade command has this behavior though, which is unexpected to people like me and the author. You need a specific flag to tell apt to actually upgrade everything which is not the behavior I expected.

      • fuckwit_mcbumcrumble@lemmy.dbzer0.comEnglish
        12·
        8 days ago

        Sure in the gigantic wall of text. Also it doesn’t tell you why, or what to do about it. All they’d have to do is say “run dist-upgrade to update these packages.”

        • ShortN0te@lemmy.ml
          21·
          7 days ago

          Sure in the gigantic wall of text. Also it doesn’t tell you why, or what to do about it. All they’d have to do is say “run dist-upgrade to update these packages.”

          It is literally in the summary that gets presented in the last few lines before you have to press Y to continue.

          Since you are already overwhelmed by the wall of text, you would probably not read the suggestion antways.