How to get a list of all pending security updates?

apt updates

Solution 1:

If you are just looking to do this quickly once, instead of creating a separate repository and scripting up some automation and all that. Great if you aren't supposed to be making changes while auditing a system or whatever.

These two commands will spit out the list. Pipe to wc -l to see how many are behind. ;-)

grep security /etc/apt/sources.list > /tmp/security.list
sudo apt-get upgrade -oDir::Etc::Sourcelist=/tmp/security.list -oDir::Etc::SourceParts=/some/valid/dir/false -s

Still valid for older distros or if you have update repos off, but security on:

sudo apt-get upgrade -s | grep ^Inst | grep -i security

Solution 2:

+---------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|                            Command                            |                                                                               Purpose                                                                               |
+---------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| apt list --upgradable                                         | List all updates available                                                                                                                                          |
| apt list --upgradable | grep "\-security"                     | List all updates that are security.                                                                                                                                 |
| apt list --upgradable 2>/dev/null | grep "\-security" | wc -l | Count number of security updates available. and redirects the stderr like "WARNING: apt does not have a stable CLI interface. Use with caution in scripts." to null |
+---------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Solution 3:

sudo apt-get -s --no-download dist-upgrade -V | grep "^Inst.*security.*$" | cut -d " " -f 2

With some help from this question

Solution 4:

there must be a way to request how many packages are updatable and how many security updates right now, but if you settle for asking it once a day you can simply read the file /var/lib/update-notifier/updates-available, which seems to be updated daily by the script /etc/cron.daily/update-notifier-common which belongs to the package update-notifier-common

Example:

$ sudo cat /var/lib/update-notifier/updates-available

355 packages can be updated.
1 update is a security update.

Tested in:

  • Ubuntu 14.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 18.04 LTS

Regards,

/Ángel

Related

Virtualbox does not run: NS_ERROR_FAILURE
How do I change how long notifications are displayed?
Dock settings missing in gnome-control-center after upgrade to Ubuntu 17.10
Can't move files to the trash [duplicate]
How can I run original command that aliased with same name?
Failed to fetch http://in.archive.ubuntu.com/ubuntu/dists/maverick/Release
Cannot install Ubuntu 20.04 on Mac mini 2020
Safely removing USB 3.0 drive freezes the system - why and how to fix?
How to make my pci wifi card rtl8822 working on ubuntu
Power management for wireless unable to turn off in Xubunu 15.04 Vivid
Disk drive boot problem: The disk drive for /tmp is not ready yet or is not present!
Can't install wine (or ia32-libs) in Ubuntu 12.10 64 bit