azorius.vedetta.com

Turns out I have been updating wrong all this time! 🤦🏼 (the.unknown-universe.co.uk)
from otter@lemmy.ca to selfhosted@lemmy.world on 01 May 19:41
https://lemmy.ca/post/64223221

cross-posted from: lemmy.ml/post/46701277

I’ve been running my home lab since 2021 and honestly thought my update routine was solid: apt update && apt upgrade, reboot, job done.

Turns out I was wrong. I was checking CVE‑2026‑31431 (Copy Fail) this morning and realised that despite my “successful” updates, I was still running a vulnerable kernel from March.

I’ve had to rethink how I handle host updates. If you’re relying on a standard upgrade and a reboot to keep Proxmox or Debian hosts safe, you might want to check if yours is lying to you as well.

#selfhosted

threaded - newest

tofu@lemmy.nocturnal.garden on 01 May 20:01 next collapse

You’re not supposed to run apt upgrade in Proxmox at all, it may even break your system. Use dist-upgrade.

pve.proxmox.com/pve-docs/chapter-sysadmin.html#sy…

TheIPW@lemmy.ml on 01 May 21:10 next collapse

dist-upgrade and full-upgrade are essentially the same command but yeah, I won’t be using apt upgrade again in the future! Like I said in my post, the joys of being self taught is that you learn by my making mistakes and that’s part of the “fun” 🤣

frongt@lemmy.zip on 01 May 21:20 next collapse

Not essentially, exactly. One is a deprecated alias for the other.

Infernal_pizza@lemmy.dbzer0.com on 02 May 02:58 collapse

Which one is which?

whyNotSquirrel@sh.itjust.works on 02 May 06:04 next collapse

I thought full-upgrade replaced dist-upgrade that could make you think you’re upgrading you distro to the next version

But now I’m not sure anymore.

K3can@lemmy.radio on 02 May 07:54 collapse

Correct. Full-upgrade is the new term. It’s an alias, though, so using either will accomplish the same thing.

Staff@piefed.world on 02 May 08:36 collapse

dist-upgrade was used with apt-get full-upgrade is used for apt

MalReynolds@slrpnk.net on 02 May 01:36 collapse

Nah, the fun is learning form others mistakes. Thanks for a fun read :}

LeTak@feddit.org on 01 May 23:50 collapse

Just don’t use any command in proxmox. Proxmox is designed GUI first. It got an update button in the GUI. Only major releases could need tinkering in the terminal. But even changing repos is now possible in the GUI.

tofu@lemmy.nocturnal.garden on 02 May 00:06 collapse

Gets annoying soon if you have more than one host. Easily automated with Ansible

suzune@ani.social on 01 May 21:07 next collapse

I’ve seen that the patches are only available in the debian-security repository. It’s important to review your repo list in /etc/apt/sources.list.d.

frongt@lemmy.zip on 01 May 21:26 collapse

Proxmox does not use the standard debian kernel.

suzune@ani.social on 01 May 23:15 collapse

Yes, I referred to the Debian part only.

Mister_Hangman@lemmy.world on 01 May 23:44 next collapse

Hmm. Welp. Let’s try. See what happens.

prenatal_confusion@feddit.org on 02 May 01:50 next collapse

Ooof, scared me there for a second. Good thing I am using Dist-Upgrade in my ansible scripts.

BCsven@lemmy.ca on 02 May 09:27 next collapse

The nice thing about zypper is the various patch options and reporting. Gives you a good picture of what CVEs, rating, and if installed, needed, not needed etc. Does Apt have something similar?

KairuByte@lemmy.dbzer0.com on 02 May 13:16 collapse

I mean, you could just use the proxmox UI for updates. Single point for all servers, just click in and hit update. It explicitly runs dist-upgrade already.