Debian update security only

On one of our servers, there was still just Debian Squeeze installed. If you really want to patch debian lenny check out this gist but rather consider updating to a newer distro! Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group.

Create a free Team What is Teams? Learn more. How to only install security updates on debian Ask Question. Asked 7 years, 3 months ago. Active 7 years, 3 months ago. Viewed 31k times. Improve this question. Harrys Kavan. Harrys Kavan Harrys Kavan 1, 3 3 gold badges 16 16 silver badges 27 27 bronze badges. Stable typically does not change otherwise. There are some packages that are just upgraded to the newest release e.

Hi - I'm also using Squeeze but I'm having trouble getting Bash to upgrade. Can you post the line s you changed in the sources. I would warn readers not to casually change squeeze to wheezy, because that is a major Debian upgrade. The 'wheezy' version of bash depends on newer versions of several core libraries, such as libc6, so you would be risking instability. If you need new packages that are not already there, you need to use the apt install command.

So, what should you use and what is the difference? Both are package management command line tools and there is a bit of history as to how the command evolved over the years. The apt CLI is the more recent made available since Ubuntu It is clearer in explaining what exactly it is doing, the options that come with apt are considered to be more user friendly and covers the range of frequently used options for the average user.

The apt-get CLI, on the other hand, is more low level and contains a lot more options that are for the advanced user. So how does one typically sequence these commands? Once you are comfortable with what each of these does, you can combine them together into a single command that can be set up for automated regular execution.

More about that in later sections. Here are a couple of screen captures to illustrate what you would see for some of the above commands. The -y option installs it silently without you having to prompt again. Side Note: This is one example of how the apt is more user- friendly than the apt-get. You would not see the progress bar in the apt-get. Some users may prefer the UI way of upgrading packages as it gives neat visual steps that tells you details of the packages that makes easy reading and unlike the CLI, prompts you that a restart of the system is required after install if needed.

The GUI way of upgrading is easy to do if you have only one or two systems to manage, personal installations and only on systems which have gnome or alternative desktop available.

Depending on your system - there are many different ways to get to the GUI. Click on Details twisty to check the listing and description of the packages that will get upgraded. A dialogue box will appear to ask you for permission to install the updates right now or later.

The equivalent of this in the CLI is to upgrade only the required package instead of a general upgrade on all packages. Once the updated version of Ubuntu and the updated packages are installed on your system, a window may appear asking you to restart your system in order for the changes to take effect.

Updating Debian via CLI uses the exact same set of commands as already demonstrated in the Ubuntu section. Ubuntu is the newer operating system based on the older Debian.

They are very similar in many aspects and in the context of this article, the same commands for upgrade can be used. Depending on your system setup, there may be several ways of getting to the GUI. It is a key with Windows logo if you are on a Windows machine. If it is an Apple keyboard it is the Command key. Type "gnome-software" and click on the software icon. Click on the Updates tab on the popup as shown in the image.

If there are updates available, it will show here. Click on Download. Sometimes, there is a need to block specific packages from getting upgraded as your application may have some dependencies on the specific version and upgrading it may have a detrimental effect on the application behaviour. You still want to upgrade all other packages in the system except those specific packages.

Show 2 more comments. I notice only now this post. It is extremely precise. I can't find it in Ubuntu Trusty. I did find "needrestart" which looks like it would fit in your instructions? It can be found in debian-goodies package: packages. There's also needrestart. Is this something specific to one of the updates or the commands you've provided? Show 5 more comments. Ressu Ressu Thanks for taking time for a thorough answer. I think I understand how it works.

It's very strange to me, but may mean something to you. You can see what is going on with apt-cache policy command. Pick one of the packages that isn't getting a security fix and run apt-cache policy packagename. This will list the priorities for various versions. You should see various lines and different priorities.

If there are no lines with the priority 50, the pinning isn't affecting the packages in question for some reason. I had followed this answer in the past. Today I found out that due to this answer, 68 security update packages were NOT installed on my server and didn't show up as potential install candidates. Add a comment. The following is confirmed in Ubuntu Use the unattended-upgrade package. Now, to run manually: sudo unattended-upgrade. To test as a dry-run, without doing anything: sudo unattended-upgrade --dry-run.

Is there a way to make this a monthly schedule? This accidentally? Which is prefect for my purpose, where a pretty much unattended system has an out of tree kernel module that's tedious to compile after each kernel update. But I have not checked it. So there the text 'security' is not in there. Micah Butler Micah Butler 1 1 silver badge 1 1 bronze badge.

I just tested it with apt and it works. Yeah, that's a possibility. I'll look into it. Then I re-enabled all my repos, ran sudo apt-get updatee , and opened Update Manager. The packages marked as security updates were not exactly what apt-get upgrade found, but they were very close -- close enough for me.

I still wish I knew exactly how Update Manager does it and how to do the same from the command-line, but this will do. Needed to check what is new. No release update. Eric Carvalho