How to: Install Security Updates from the command line in Ubuntu

Lately as I log in to an Ubuntu box I get messages indicating that there are security updates available for Ubuntu but I have struggled to get them installed.

13 packages can be updated.
13 updates are security updates.

Traditional one would use apt-get update; apt-get upgrade to perform updates to the system like so:

sudo apt-get update && sudo apt-get upgrade

but you might come across certain packages that have dependencies that apt-get might struggle to resolve and hence decide it should not mess with them. In that scenario you should use another package management system such as aptitude which might allow you to install those packages apt-get could not. If that is the case you might run in to a system message like this one:

The following packages have been kept back

In that case as I mentioned you could rely on aptitude to get those updates deployed. Here is an example:

sudo aptitude safe-upgrade

Keep in mind the following: The upgrade parameter is obsolete, hence we use safe-upgrade. If you are using an older version you might need to use the update parameter though. Updating the distribution work also with aptitude. You can do so with the following command line:

sudo aptitude dist-upgrade

Also, I’ve included a few useful commands when looking into updating your system:

Unattended-Upgrade

Who doesn’t want to simply forget about applying critical updates to their system? Well, you can! Unattended-Upgrade allows you to install critical updates automatically without having to do it manually as the name implies. In the latest Ubuntu distributions deployed in Windows Azure this package comes pre-installed, but not all systems come with it so you might need to manually install it using the following command line:

sudo apt-get install unattended-upgrades

One it is installed, you can launch the wizard (it will only ask if you want to do automatic updates or not) by launching the application:

sudo unattended-upgrade

Also you could use the following to reconfigure:

sudo dpkg-reconfigure -plow unattended-upgrades

Sort through Updates

There are also ways to show only the security updates and deploy those (sometimes updating packages is a delicate process as you don’t want to break anything without testing it but security updates might be too critical to wait for testing)

• Show security updates only:

apt-get -s dist-upgrade |grep "^Inst" |grep -i securi

or

unattended-upgrade --dry-run -d

or

/usr/lib/update-notifier/apt-check -p

• Show all upgradeable packages

apt-get -s dist-upgrade | grep "^Inst"

• Install security updates only

apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " {'print $2'} | xargs apt-get install