I’ve been running my home lab since 2021 and honestly thought my update routine was solid: apt update && apt upgrade, reboot, job done.
Turns out I was wrong. I was checking CVE‑2026‑31431 (Copy Fail) this morning and realised that despite my “successful” updates, I was still running a vulnerable kernel from March.
I’ve had to rethink how I handle host updates. If you’re relying on a standard upgrade and a reboot to keep Proxmox or Debian hosts safe, you might want to check if yours is lying to you as well.
apt dist-upgrade is a necessary change to your process in place of just upgrade.
pacman -Syugoes brrrWhen a kernel update requires a change in dependencies, something Proxmox kernels do frequently, apt just quietly “keeps back” the package. It doesn’t fail, it doesn’t break the system, and it doesn’t trigger a rollback. It just waits for me to notice.
This should save a click for hopefully everyone.
Yes obviously, if you do not update the packages then they do not get updated.
If you do not read the output of a command then you will not notuce that.
This is specific to Debian and Ubuntu so why not being more specific in the title?




