Ubuntu – How to get a list of all pending security updates


I need to list (not count or install) all pending security updates on an Ubuntu 14.04 system. I've read the post "How to create a list of of only security updates with apt-get?" and its accepted answer (apt-show-versions | grep upgradeable | grep security) does indeed give me a list.

However, that command lists 62 pending security updates. /usr/lib/update-notifier/apt-check tells me that I have 75 pending security updates, but doesn't seem to have a way to list them. How can I reconcile these two numbers? Is one of the two commands doing something other than what I want?

Best Answer

This is for if you are just looking to do this quickly once, instead of creating a separate repository and scripting up some automation and all that. It is great if you aren't supposed to be making changes while auditing a system or whatever.

These two commands will spit out the list. Pipe to wc -l to see how many are behind. ;-)

grep security /etc/apt/sources.list > /tmp/security.list
sudo apt-get upgrade -oDir::Etc::Sourcelist=/tmp/security.list -oDir::Etc::SourceParts=/some/valid/dir/false -s

Still valid for older distros or if you have update repos off, but security on:

sudo apt-get upgrade -s | grep '^Inst' | grep Security
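
As an added example (not part of the original answer), the simulation output can be parsed so that only the origin field of each Inst line is tested, which avoids counting a package just because its name contains "security". The function names and the sample lines are constructed for illustration, and the parser assumes the usual "Inst <package> [<installed>] (<candidate> <origin> [<arch>])" layout of apt-get's simulation output.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Reads apt-get simulation output on stdin and prints one line per pending
# security update: "<package> <installed-version> <candidate-version>".
# Usage on a real system: sudo apt-get upgrade -s | list_security_updates
list_security_updates() {
    awk '
    $1 == "Inst" {
        pkg = $2
        old = "-"    # stays "-" when the package is newly installed
        # Optional "[installed-version]" field directly after the package name.
        if ($3 ~ /^\[.*\]$/) old = substr($3, 2, length($3) - 2)
        # Text inside the parentheses: "candidate-version origin(s) [arch]".
        start = index($0, "(")
        if (start == 0) next
        paren = substr($0, start + 1)
        sub(/\)[^)]*$/, "", paren)
        split(paren, f, " ")
        new = f[1]
        origin = substr(paren, length(new) + 2)
        # Test the origin only, never the package name.
        if (tolower(origin) ~ /security/) print pkg, old, new
    }'
}

# Constructed sample of simulation output (hypothetical package names).
sample_simulation() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  libexample1 example-security-tools exampled
Inst libexample1 [1.0-1ubuntu1] (1.0-1ubuntu1.2 Ubuntu:14.04/trusty-security [amd64])
Inst example-security-tools [2.3-1] (2.4-1 Ubuntu:14.04/trusty-updates [all])
Inst exampled [0.9-2] (0.9-2ubuntu0.1 Ubuntu:14.04/trusty-security, Ubuntu:14.04/trusty-updates [amd64])
Conf libexample1 (1.0-1ubuntu1.2 Ubuntu:14.04/trusty-security [amd64])
EOF
}
```

Running sample_simulation | list_security_updates prints the two packages whose candidate comes from the security pocket and skips example-security-tools, which a plain grep for "security" on the whole line would have included.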