I run the command “sudo apt update && sudo apt upgrade -y” regularly to keep my systems updated. But it has been several months since my piware system has received any updates. Is this expected?
Recent years we’ve had one new version of piaware in late autumn or early winter, then a couple of patches after initial release.
Yes, there haven’t been many updates recently to the light installation of the raspberry pi OS
There have been a few more if you have the GUI installed.
Agree with the answer from @LawrenceHill, but what about the kernel? My SD card 8.2 install is running 6.1.21 which was installed in early May. There have been several security updates to the kernel since, but none have been passed on. My laptop which upgraded to Debian 12 in June came with the 6.1 kernel and has had several updates since then - currently at 6.1.52.
Mine is the same.
I see there is a build file for 6.1.52 on Github if you want to go for the bleeding edge but Raspberry pi OS take a more cautious approach to kernel updates.
See:
And see rpi-update in:
Yes, I previously poked around the kernel archives and saw updated kernels there. I have no need to be “bleeding edge” but to rephrase my question - why are security updates only addressing CVEs not passed along expeditiously? Post #2 in this short thread on the RPi forums answered my question and confirmed a suspicion of a lack of resources/time. Quote from post:
I try to keep security in mind as much as possible and if anything slips by and is reported, we’ll try to address it ASAP. But, we don’t have a security team like Debian does to track every single CVE.
1 Like
If security from external connections is a factor, you can mitigate a lot of potential problems by putting it behind a reverse proxy - I use nginx to handle incoming connections which then talks to the pi locally, so visitors are only ever connecting to the nginx machine. Since that’s used so widely it has regular security updates and is a bit more of a known quantity, rather than relying on whatever cobbled together web server a lot of small services use.
If you don’t have the capability to do that, you could put the pi on a separate vlan to keep it isolated from other machines on the network in case it does get compromised. Many routers allow creating a second ‘guest’ wifi network for that purpose.
If local privilege escalations are a concern, you probably have bigger problems anyway.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.