[CVE-2026-43284 "Dirty Frag"] Upgrade your system packages

Why? You could come ask here. You could also turn off the server.

Don’t take complex decisions when you panic

A quick search (or in this forum) would have led you to a manual mitigation of the issue while waiting for a proper update.
I don’t know where you got the news from, but most of them had that mitigation step in the same article, even the original GitHub post had it :frowning:

Hello,

I would also have liked to update my system, but YunoHost tells me that everything is up to date, and an apt update / upgrade tells me the same thing. A uname -a shows Linux 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux

Finally, in apt's source.list I have this:

deb http://ftp.debian.org/debian bookworm main contrib
deb-src http://ftp.debian.org/debian bookworm main contrib non-free-firmware

## YunoHost repository
deb [signed-by=/usr/share/keyrings/yunohost-bookworm.gpg] http://forge.yunohost.org/debian/ bookworm stable
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware

deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

# bookworm-updates, previously known as 'volatile'
deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb-src http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware

At this point I have to say that I don't really understand why it finds no updates and why it is impossible for me to fix this vulnerability quickly…


I’m having the same problem as the previous poster. I’ve updated and it says:

Nothing to do. Everything is already up-to-date.

…but uname -r shows:

Linux MYDOMAIN 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux

So, how to get the updates?

@Zinkie @Dr.Wily are you running YunoHost in a container? If so, the host's kernel version is shown (and should be updated).

In both cases, a reboot is required to apply kernel updates.


Hi, same for me here. I run Yunohost on a RPi 3B+.

My config:

yunohost:
  repo: stable
  version: 12.1.40.1
yunohost-admin:
  repo: stable
  version: 12.1.14
yunohost-portal:
  repo: stable
  version: 12.1.2
moulinette:
  repo: stable
  version: 12.1.3
ssowat:
  repo: stable
  version: 12.1.1

/etc/apt/sources.list content is:

deb http://raspbian.raspberrypi.org/raspbian/ bookworm main contrib non-free rpi firmware

uname -a returns:

Linux MYDOMAIN 6.12.20-v7+ #1867 SMP Wed Mar 26 12:45:01 GMT 2025 armv7l GNU/Linux

I did the update, the upgrades and a reboot.

Yunohost or Debian blocks kernel updates unless they are strictly necessary. This is a core feature of Debian. This topic talks about this issue.

To force a kernel update on a Debian system running Yunohost, you need to enter the following command:

apt update && sudo apt install linux-image-amd64

Before that, you can check if a new kernel is available with:

apt policy linux-image-amd64

On my RPi 3B+, sudo apt policy linux-image-amd64 returns:
N: Unable to locate package linux-image-amd64

but it is not running Debian but Raspbian.

This isn’t true anymore, that statement is really old and outdated.
Debian (and therefore Yunohost) updates the kernel regularly; simply using the webadmin updates section will update the kernel, then it’s necessary to reboot to start using the latest kernel.

Maybe… but in my case the kernel was stuck at 5.10.162-1:

A dpkg -l linux* | grep ii returned this:

ii linux-base 4.9 all Linux image base package
ii linux-image-5.10.0-21-amd64 5.10.162-1 amd64 Linux 5.10 for 64-bit PCs (signed)

ii linux-libc-dev:amd64 6.1.174-1 amd64 Linux support headers for userspace development

An apt policy linux-image-amd64 returned this:

linux-image-amd64:
  Installé : (aucun)
  Candidat : 6.1.174-1
 Table de version :
     6.1.174-1 500 https://security.debian.org/debian-security bookworm-security/main amd64 Packages
     6.1.170-3 500
        500 https://deb.debian.org/debian bookworm/main amd64 Packages
     5.10.162-1 -1
        100 /var/lib/dpkg/status

Neither the Yunohost admin panel nor apt-upgrade could find the new kernel. However, running the command apt update && sudo apt install linux-image-amd64 forced the installation of the new kernel that was pending.

No, that’s not the case.

Here, I’m offering a solution that works and is risk-free. I could easily have done nothing and kept the solution to myself.

That sort of answer isn’t helpful, and does even less to encourage people to help out on this forum.

On Raspberry the CPU is ARM, not x86 AMD64. You should use: apt update && sudo apt install linux-image-arm64

Replace “amd64” with “arm64”

This would probably break the other user’s RPi boot. Raspberry Pi uses a different kernel.

@marco you could run apt policy linux-image-rpi-v7 to check the latest kernel, and sudo apt update && apt full-upgrade (or update using the webadmin updates section) to upgrade if necessary.

However, AFAIK the Raspberry Pi kernel hasn’t fixed Dirty Frag yet; you can still mitigate that risk manually if you want to.
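
As an added example (not part of the thread and not YunoHost tooling), this script separates the cases discussed above: a kernel metapackage that is not installed, a pending upgrade, a missing reboot, and a machine with no local kernel image such as a container. The state names, the `--live` switch and the sample input are assumptions made for illustration, and it assumes Debian-style `/boot/vmlinuz-*` file naming.

```shell
#!/bin/sh
# Classify why apt can report "up to date" while an old kernel keeps running.

# Print one field ("Installed" or "Candidate") from `apt-cache policy` output on stdin.
policy_field() {
    sed -n "s/^ *$1: *//p" | head -n 1
}

# $1 = policy output (C locale), $2 = running release (uname -r),
# $3 = newest release with a vmlinuz-* file in /boot (empty if none)
kernel_state() {
    installed=$(printf '%s\n' "$1" | policy_field Installed)
    candidate=$(printf '%s\n' "$1" | policy_field Candidate)
    if [ -z "$3" ]; then
        # Container (uname shows the host's kernel) or a kernel not installed as /boot/vmlinuz-*.
        echo "no-vmlinuz-in-boot"
    elif [ "$installed" = "(none)" ]; then
        # No metapackage installed: nothing depends on the newer image, so upgrades skip it.
        echo "metapackage-missing candidate=$candidate"
    elif [ "$installed" != "$candidate" ]; then
        echo "upgrade-pending candidate=$candidate"
    elif [ "$2" != "$3" ]; then
        echo "reboot-needed newest=$3"
    else
        echo "current"
    fi
}

# Constructed sample, modelled on the apt policy output quoted in the thread (English locale).
SAMPLE_POLICY='linux-image-amd64:
  Installed: (none)
  Candidate: 6.1.174-1
  Version table:
     6.1.174-1 500
        500 https://security.debian.org/debian-security bookworm-security/main amd64 Packages'

if [ "${1:-}" = "--live" ]; then
    meta=${2:-linux-image-amd64}   # assumption: pass the metapackage for your architecture
    # LC_ALL=C keeps field names in English ("Installed", not "Installé").
    policy=$(LC_ALL=C apt-cache policy "$meta")
    newest=$(ls /boot | sed -n 's/^vmlinuz-//p' | sort -V | tail -n 1)
    kernel_state "$policy" "$(uname -r)" "$newest"
else
    kernel_state "$SAMPLE_POLICY" "5.10.0-21-amd64" "5.10.0-21-amd64"
fi
```

Run without arguments it classifies the constructed sample; with `--live` it queries the local system.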