Do I need to install Security updates for Ubuntu base?

Solution 1:

It is important to install the latest security updates to help protect your system.

Ubuntu base is the collective name for the tools and services and core parts of the Operating System and the following applies equally to any software installed, including what is categorised as Ubuntu based as mentioned in the question.

There are situations where NOT installing security updates may be favourable, but these cases must be evaluated on an individual basis and are beyond the scope of this question. Therefore we should fall back to the official advice from https://wiki.ubuntu.com/Security/Upgrades:

Keeping your computer's software up to date is the single most important task for protecting your system. Ubuntu can alert you to pending updates, and also be configured to apply updates automatically. Security updates for Ubuntu are announced via Ubuntu Security Notices (USNs).

The Security Team's Update Procedure page has a little info on what the security updates are (to help understand why they are considered important):

We only fix bugs in our stable releases which truly affect overall system security, i. e. which enable an attacker to circumvent the permissions configured on the system, or are a threat to the user's data in any way. Most common examples:

  • Buffer overflow in a server process which allows to crash it (denial of service) and/or to execute attacker provided code (privilege escalation).
  • Insecure temporary file handling which allows race condition and symlink attacks to delete unrelated files with the invoker's privileges.
  • Non-working security-relevant configuration options (e. g. iptables would allow packets which should be blocked, or a server's ACL option does not do the right thing).
  • Less critical bugs (like Denial of Service vulnerabilities in instant messengers or email applications) are also fixed usually, but with lower priority.
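
Added example (not part of the answer above or of Ubuntu's documentation): a shell helper that reports which pending upgrades come from the -security pocket, by parsing the Inst lines of an APT simulation. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. On an Ubuntu host, feed it a simulation, which changes nothing:
#   apt-get -s dist-upgrade | security_updates

# security_updates: read APT simulation output on stdin and print
# "package old-version new-version" for every upgrade whose candidate
# version is published in a *-security suite.
security_updates() {
    awk '
        # Upgrades look like: Inst <pkg> [<old>] (<new> <origin>/<suite>, ... [<arch>])
        # Fresh installs have no [<old>] field and are skipped.
        $1 == "Inst" && $3 ~ /^\[/ {
            start = index($0, "(")
            if (start == 0) next
            src = substr($0, start + 1)      # text inside the parentheses
            sub(/\).*$/, "", src)
            if (src ~ /-security([ ,]|$)/) {
                old = substr($3, 2, length($3) - 2)   # strip [ and ]
                new = substr($4, 2)                   # strip leading (
                print $2, old, new
            }
        }'
}

# sample_simulation: constructed sample of simulation output (not from a real host).
sample_simulation() {
    cat <<'EOF'
Inst libssl3 [3.0.2-0ubuntu1.10] (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-security, Ubuntu:22.04/jammy-updates [amd64])
Inst openssl [3.0.2-0ubuntu1.10] (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-security, Ubuntu:22.04/jammy-updates [amd64])
Inst tzdata [2023c-0ubuntu0.22.04.1] (2023c-0ubuntu0.22.04.2 Ubuntu:22.04/jammy-updates [all])
Inst example-new-pkg (1.0-1 Ubuntu:22.04/jammy-security [amd64])
Conf libssl3 (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-security, Ubuntu:22.04/jammy-updates [amd64])
EOF
}

# Demonstration on the constructed sample.
sample_simulation | security_updates
```

An empty result from a real simulation means no upgrade from a -security suite is pending in the package lists last fetched with apt-get update.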

Solution 2:

Not installing security updates creates a situation in which hackers can use your machine to tamper with your data and use your machine to attack others.

For example, an operating system that is using OpenSSL that has not been updated can be tampered with and cause your data to be leaked.