How to install only security updates in Debian? When I run apt-get upgrade, apt will offer all updates.
Debsecan (Debian Security Analyzer) is better for manual upgrade and it can produce clear output. There are CVEs for detail information too. At first install debsecan:
sudo apt-get install debsecan
Get your distribution codename of Debian. For example:
cat /etc/os-release
And now install all security updates (instead of buster choose your suite detected from previous command. Values can be 'woody', 'sarge', 'etch', 'lenny', 'squeeze', 'wheezy', 'jessie', 'stretch', 'buster', 'bullseye' ... etc):
sudo apt-get install $(debsecan --suite buster --format packages --only-fixed)
All CVEs can be listed before the upgrade (use --format detail for detailed output):
debsecan
for example part of summary output:
The package unattended-upgrades installs only security upgrades by default. You can configure it to install them automatically, or just call it with:
sudo unattended-upgrade
More information on how to get it running properly: https://wiki.debian.org/UnattendedUpgrades
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With