I’ve been running my home lab since 2021 and honestly thought my update routine was solid: apt update && apt upgrade, reboot, job done.

Turns out I was wrong. I was checking CVE‑2026‑31431 (Copy Fail) this morning and realised that despite my “successful” updates, I was still running a vulnerable kernel from March.

I’ve had to rethink how I handle host updates. If you’re relying on a standard upgrade and a reboot to keep Proxmox or Debian hosts safe, you might want to check if yours is lying to you as well.

  • paris@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    18
    arrow-down
    2
    ·
    2 days ago

    The standard upgrade command has this behavior though, which is unexpected to people like me and the author. You need a specific flag to tell apt to actually upgrade everything which is not the behavior I expected.

      • pinball_wizard@lemmy.zip
        link
        fedilink
        arrow-up
        1
        ·
        36 minutes ago

        Lol.

        Let’s not defend this behavior by apt.

        I’ll die on many “linux is fine for just about everyone” hills.

        Getting apt to actually really honestly - I mean it this time - update everything - isn’t for everyone.

        Some of us just wait for our hardware to break down, and then reinstall the OS, fresh, instead.