The Update Conundrum
the.unknown-universe.co.uk
How a “kept back” Proxmox kernel left my home lab exposed to CVE‑2026‑31431 — why I now check upgradable packages and use apt full‑upgrade.

cross-posted from: https://lemmy.ml/post/46701277

I’ve been running my home lab since 2021 and honestly thought my update routine was solid: apt update && apt upgrade, reboot, job done.

Turns out I was wrong. I was checking CVE‑2026‑31431 (Copy Fail) this morning and realised that despite my “successful” updates, I was still running a vulnerable kernel from March.

I’ve had to rethink how I handle host updates. If you’re relying on a standard upgrade and a reboot to keep Proxmox or Debian hosts safe, you might want to check if yours is lying to you as well.

  • GreenKnight23@lemmy.worldEnglish
    2·
    14 days ago

    from my own experience, apt dist-upgrade removes old kernels, apt upgrade still installed the new kernel, grub updated and booted into the new kernel.

    all dist-upgrade did (for me) was delete the old kernels. which is something I would prefer not to do because it removes any ability to rollback should I absolutely need to.

    • oong3Eepa1ae1tahJozoosuu@lemmy.worldEnglish
      1·
      6 days ago

      Which distro? Debian for example always keeps two kernels: the curent one and the one in use before that, which is what I prefer, never had to rely on more than one backup kernel.

      • GreenKnight23@lemmy.worldEnglish
        1·
        6 days ago

        Debian. like the Debian.

        currently running Trixie on my daily and bookworm on a couple servers which will be upgraded to Trixie soon.