How to get a list of security updates on the command line in Debian/Ubuntu

Solution 1:

apt-get upgrade -s | grep -i security

... is what the Nagios check-apt plugin uses to count pending security updates, which is similar to what you're looking for.
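
Added example, not part of the original answer: a plain `grep -i security` over the simulation output also matches the `Conf` lines and any package whose name contains "security", so this function reads only the `Inst` lines and tests the origin field. The sample output, its version strings, and the `security-tool` package name are constructed for illustration.

```shell
#!/bin/sh
# Print "name installed candidate" for each pending upgrade whose origin
# is a security archive. Reads `apt-get -s upgrade` output on stdin.
security_updates() {
    awk '
    $1 != "Inst" { next }                 # skip Conf/Remv and other lines
    {
        lp = index($0, "(")               # candidate + origins are in (...)
        if (lp == 0) next
        inner = substr($0, lp + 1)
        rp = index(inner, ")")
        if (rp == 0) next
        inner = substr(inner, 1, rp - 1)
        sp = index(inner, " ")
        if (sp == 0) next
        candidate = substr(inner, 1, sp - 1)
        origins = substr(inner, sp + 1)   # e.g. Ubuntu:14.04/trusty-security
        if (tolower(origins) !~ /security/) next
        installed = "-"                   # "-" when nothing is installed yet
        if ($3 ~ /^\[.*\]$/) installed = substr($3, 2, length($3) - 2)
        print $2, installed, candidate
    }'
}

# Constructed sample of simulation output (not captured from a real host).
sample_simulation() {
    cat <<'EOF'
Inst thunderbird [1:38.6.0+build1-0ubuntu0.14.04.1] (1:38.8.0+build1-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-security, Ubuntu:14.04/trusty-updates [amd64])
Inst security-tool [1.0] (1.1 Ubuntu:14.04/trusty-updates [all])
Inst base-files [7.2ubuntu5.4] (7.2ubuntu5.5 Ubuntu:14.04/trusty-updates [amd64])
Inst libssl1.0.0 [1.0.1t-1+deb8u7] (1.0.1t-1+deb8u8 Debian-Security:8/oldstable [amd64])
Conf thunderbird (1:38.8.0+build1-0ubuntu0.14.04.1 Ubuntu:14.04/trusty-security, Ubuntu:14.04/trusty-updates [amd64])
EOF
}

# Offline demonstration; on a real host use:
#   apt-get -s upgrade | security_updates
sample_simulation | security_updates
```

On the sample, the plain grep counts four lines while the function reports the two packages that actually come from a security origin.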

Solution 2:

On Ubuntu you should be able to use apt-check; it's the one that populates your motd with the number of security updates available.


Solution 3:

Use the unattended-upgrade application.

sudo unattended-upgrade

This lets you install only security updates automatically, but you can call it manually if needed.


Solution 4:

You can get a list with this command:

sudo unattended-upgrade --dry-run -d 2> /dev/null | grep 'Checking' | awk '{ print $2 }'

Solution 5:

I have a modified version of update-notifier that takes an additional switch, --security-package-names, which outputs only the security-related package names. I have it as a gist (until I create a merge request in the relevant project in Launchpad). Until then it can be run as follows:

Run

curl -s https://gist.githubusercontent.com/ahmadnazir/c2444d6b09fd7bb4963a13bc577d92a3/raw/0231b94a4e46abe0a5959de5f84feda76ad2eb9d/apt-check.py \
  | python /dev/stdin --security-package-names \
  | column -t -s , \
  | sort

Output

This gives an output of the format: package name, installed version, and candidate version:

...
thunderbird                          1:38.6.0+build1-0ubuntu0.14.04.1     1:38.8.0+build1-0ubuntu0.14.04.1
thunderbird-gnome-support            1:38.6.0+build1-0ubuntu0.14.04.1     1:38.8.0+build1-0ubuntu0.14.04.1
thunderbird-locale-en                1:38.6.0+build1-0ubuntu0.14.04.1     1:38.8.0+build1-0ubuntu0.14.04.1
thunderbird-locale-en-us             1:38.6.0+build1-0ubuntu0.14.04.1     1:38.8.0+build1-0ubuntu0.14.04.1
...