- cross-posted to:
- linux@lemmy.ml
- cross-posted to:
- linux@lemmy.ml
cross-posted from: https://lemmy.ml/post/46701277
I’ve been running my home lab since 2021 and honestly thought my update routine was solid: apt update && apt upgrade, reboot, job done.
Turns out I was wrong. I was checking CVE‑2026‑31431 (Copy Fail) this morning and realised that despite my “successful” updates, I was still running a vulnerable kernel from March.
I’ve had to rethink how I handle host updates. If you’re relying on a standard upgrade and a reboot to keep Proxmox or Debian hosts safe, you might want to check if yours is lying to you as well.
You must log in or # to comment.
Hmm. Welp. Let’s try. See what happens.
The nice thing about zypper is the various patch options and reporting. Gives you a good picture of what CVEs, rating, and if installed, needed, not needed etc. Does Apt have something similar?
Ooof, scared me there for a second. Good thing I am using Dist-Upgrade in my ansible scripts.
Is this just a Proxmox thing? I’m running Debian on my server, and as far as I know, the kernel has always upgraded properly when there’s a new one available.
from my own experience,
apt dist-upgraderemoves old kernels,apt upgradestill installed the new kernel, grub updated and booted into the new kernel.all dist-upgrade did (for me) was delete the old kernels. which is something I would prefer not to do because it removes any ability to rollback should I absolutely need to.
Which distro? Debian for example always keeps two kernels: the curent one and the one in use before that, which is what I prefer, never had to rely on more than one backup kernel.
Debian. like the Debian.
currently running Trixie on my daily and bookworm on a couple servers which will be upgraded to Trixie soon.
