Debian apt-get upgrade How to install only security updates?
Solution 1
Debsecan (Debian Security Analyzer) is better for manual upgrade and it can produce clear output. There are CVEs for detail information too. At first install debsecan:
sudo apt-get install debsecan
Get your distribution codename of Debian. For example:
cat /etc/os-release
And now install all security updates (instead of buster choose your suite detected from previous command. Values can be 'woody', 'sarge', 'etch', 'lenny', 'squeeze', 'wheezy', 'jessie', 'stretch', 'buster', 'bullseye' ... etc):
sudo apt-get install $(debsecan --suite buster --format packages --only-fixed)
All CVEs can be listed before the upgrade (use --format detail for detailed output):
debsecan
for example part of summary output:
Solution 2
The package unattended-upgrades installs only security upgrades by default. You can configure it to install them automatically, or just call it with:
sudo unattended-upgrade
More information on how to get it running properly: https://wiki.debian.org/UnattendedUpgrades
isevcik
Updated on June 28, 2022Comments
-
isevcik almost 2 years
How to install only security updates in Debian? When I run apt-get upgrade, apt will offer all updates.
-
Ortomala Lokni over 9 yearsCan you give some explanations?
-
jpaugh over 7 years@OrtomalaLokni Here's a similar answer with a better explanation.
-
jpaugh over 7 yearsThis answer would be useful here, where it will get more attention.
-
jpaugh over 7 yearsThis package does not appear to be maintained for Ubuntu, as it lacks suites for Ubuntu's releases, so I'm not sure it's useful there.
