The Update Conundrum
the.unknown-universe.co.uk
How a “kept back” Proxmox kernel left my home lab exposed to CVE‑2026‑31431 — why I now check upgradable packages and use apt full‑upgrade.

cross-posted from: https://lemmy.ml/post/46701277

I’ve been running my home lab since 2021 and honestly thought my update routine was solid: apt update && apt upgrade, reboot, job done.

Turns out I was wrong. I was checking CVE‑2026‑31431 (Copy Fail) this morning and realised that despite my “successful” updates, I was still running a vulnerable kernel from March.

I’ve had to rethink how I handle host updates. If you’re relying on a standard upgrade and a reboot to keep Proxmox or Debian hosts safe, you might want to check if yours is lying to you as well.

  • GreenKnight23@lemmy.worldEnglish
    2·
    6 hours ago

    from my own experience, apt dist-upgrade removes old kernels, apt upgrade still installed the new kernel, grub updated and booted into the new kernel.

    all dist-upgrade did (for me) was delete the old kernels. which is something I would prefer not to do because it removes any ability to rollback should I absolutely need to.