Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Debian apt-get upgrade How to install only security updates?

Tags:

debian

apt

How to install only security updates in Debian? When I run apt-get upgrade, apt will offer all updates.

like image 252
isevcik Avatar asked May 02 '14 15:05

isevcik


2 Answers

Debsecan (Debian Security Analyzer) is better for manual upgrade and it can produce clear output. There are CVEs for detail information too. At first install debsecan:

sudo apt-get install debsecan

Get your distribution codename of Debian. For example:

cat /etc/os-release

And now install all security updates (instead of buster choose your suite detected from previous command. Values can be 'woody', 'sarge', 'etch', 'lenny', 'squeeze', 'wheezy', 'jessie', 'stretch', 'buster', 'bullseye' ... etc):

sudo apt-get install $(debsecan --suite buster --format packages --only-fixed)

All CVEs can be listed before the upgrade (use --format detail for detailed output):

debsecan

for example part of summary output:

debsecan summary output

like image 172
elpresidento Avatar answered Nov 07 '22 15:11

elpresidento


The package unattended-upgrades installs only security upgrades by default. You can configure it to install them automatically, or just call it with:

sudo unattended-upgrade

More information on how to get it running properly: https://wiki.debian.org/UnattendedUpgrades

like image 39
donpolilla Avatar answered Nov 07 '22 14:11

donpolilla