How to get a list of security updates on the command line in Debian/Ubuntu
Solution 1:
apt-get upgrade -s | grep -i security
... is what the Nagios check-apt plugin uses to count pending security updates which is similar to what you're looking for.
Solution 2:
On ubuntu you should be able to use apt-check, it's the one that populates your motd with the number of security updates available.
Solution 3:
Use the unattended-upgrade application.
sudo unattended-upgrade
This lets you install only security updates automatically, but you can call it manually if needed.
Solution 4:
You can get a list with this command:
sudo unattended-upgrade --dry-run -d 2> /dev/null | grep 'Checking' | awk '{ print $2 }'
Solution 5:
I have a modified version of update-notifier
that takes an additional switch: --security-package-names
which outputs only the security related package names. I have it as a gist (until I create a merge request in the relevant project in launchpad). Until then it can be run as follows:
Run
curl -s https://gist.githubusercontent.com/ahmadnazir/c2444d6b09fd7bb4963a13bc577d92a3/raw/0231b94a4e46abe0a5959de5f84feda76ad2eb9d/apt-check.py \
| python /dev/stdin --security-package-names \
| column -t -s , \
| sort
Output
This gives an output of the format: package name, installed version, and candidate version:
...
thunderbird 1:38.6.0+build1-0ubuntu0.14.04.1 1:38.8.0+build1-0ubuntu0.14.04.1
thunderbird-gnome-support 1:38.6.0+build1-0ubuntu0.14.04.1 1:38.8.0+build1-0ubuntu0.14.04.1
thunderbird-locale-en 1:38.6.0+build1-0ubuntu0.14.04.1 1:38.8.0+build1-0ubuntu0.14.04.1
thunderbird-locale-en-us 1:38.6.0+build1-0ubuntu0.14.04.1 1:38.8.0+build1-0ubuntu0.14.04.1
...