The Update Conundrum
the.unknown-universe.co.uk
How a “kept back” Proxmox kernel left my home lab exposed to CVE‑2026‑31431 — why I now check upgradable packages and use apt full‑upgrade.

I’ve been running my home lab since 2021 and honestly thought my update routine was solid: apt update && apt upgrade, reboot, job done.

Turns out I was wrong. I was checking CVE‑2026‑31431 (Copy Fail) this morning and realised that despite my “successful” updates, I was still running a vulnerable kernel from March.

I’ve had to rethink how I handle host updates. If you’re relying on a standard upgrade and a reboot to keep Proxmox or Debian hosts safe, you might want to check if yours is lying to you as well.

  • actionjbone@sh.itjust.works
    12·
    18 hours ago

    Thanks for sharing this. I’m very confident with Linux, but I hadn’t thought about this!

    Your blog post was concise, too. I hate scrolling forever before finding the solution.

    • TheIPW@lemmy.mlOP
      5·
      17 hours ago

      Glad you found it useful. I’m the same, I can’t stand those long posts that make you read a life story before getting to the commands, even worse when a page is riddled by ads or behind a paywall!

      I figured if I’d missed it, a few other people probably had too.