How to apply Debian security patches

I am new to Debian and confused about how to get access to the Debian security updates. How do I apply security patches to my Debian Linux server using the command line option?

If you are new to Debian and confused about how to get access to the Debian security updates. This tutorial tells you how to keep your server or the cloud computer powered by Debian Linux 9.x or 8.x current with the latest security updates. You need to use either apt-get command or apt command to apply patches to Debian Linux server or desktop based system.


The syntax is:
$ sudo apt update
$ sudo apt upgrade

OR use the apt-get command to fetch repo updates:
$ sudo apt-get update
Sample outputs:

Get:2 stretch/updates InRelease [62.9 kB]
Ign:1 stretch InRelease
Get:3 stretch Release [118 kB]
Get:4 stretch Release.gpg [2,373 B]
Get:5 stretch/updates/main amd64 Packages [128 kB]
Get:6 stretch/main amd64 Packages [7,095 kB]
Get:7 stretch/updates/main Translation-en [52.7 kB]   
Get:8 stretch/updates/contrib amd64 Packages [556 B]       
Get:9 stretch/updates/contrib Translation-en [256 B] 
Get:10 stretch/main Translation-en [5,393 kB]                                                                                                                                                 
Get:11 stretch/main amd64 Contents (deb) [31.4 MB]                                                                                                                                            
Get:12 stretch/non-free amd64 Packages [77.9 kB]                                                                                                                                              
Get:13 stretch/non-free Translation-en [79.2 kB]                                                                                                                                              
Get:14 stretch/non-free amd64 Contents (deb) [810 kB]                                                                                                                                         
Fetched 45.3 MB in 49s (906 kB/s)                                                                                                                                                                                                     
Reading package lists... Done

Now install patches:
$ sudo apt-get upgrade
Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  adwaita-icon-theme apache2 apache2-bin apache2-data apache2-utils apt apt-utils base-files bind9 bind9-host bind9utils devscripts dnsutils gnuplot gnuplot-data gnuplot-nox host imagemagick imagemagick-6-common imagemagick-6.q16
  libapt-inst2.0 libapt-pkg5.0 libbind9-140 libc-ares2 libdns-export162 libdns162 libgnutls-openssl27 libgnutls30 libirs-export141 libirs141 libisc-export160 libisc160 libisccc-export140 libisccc140 libisccfg-export140
  libisccfg140 liblwres141 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickwand-6.q16-3 libpam-systemd libperl5.24 libpulse0 libsystemd0 libudev1 linux-compiler-gcc-6-x86 linux-headers-4.9.0-3-amd64
  linux-headers-4.9.0-3-common linux-headers-amd64 linux-image-4.9.0-3-amd64 linux-image-amd64 linux-kbuild-4.9 linux-libc-dev openssh-client openssh-server openssh-sftp-server os-prober perl perl-base perl-modules-5.24 socat
  systemd systemd-sysv udev unrar
65 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 91.4 MB of archives.
After this operation, 57.3 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:2 stretch/updates/main amd64 apache2 amd64 2.4.25-3+deb9u2 [235 kB]
Get:1 stretch/main amd64 base-files amd64 9.9+deb9u1 [67.2 kB]
Get:3 stretch/main amd64 libperl5.24 amd64 5.24.1-3+deb9u1 [3,524 kB]
Get:37 stretch/main amd64 os-prober amd64 1.76~deb9u1 [30.0 kB]                                                                                                                               
Get:38 stretch/main amd64 socat amd64 [353 kB]                                                                                                                               
Get:65 stretch/updates/main amd64 linux-libc-dev amd64 4.9.30-2+deb9u3 [1,252 kB]                                                                                                                          
Fetched 91.4 MB in 1min 9s (1,311 kB/s)                                                                                                                                                                                               
Reading changelogs... Done
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 115129 files and directories currently installed.)
Preparing to unpack .../base-files_9.9+deb9u1_amd64.deb ...
Unpacking base-files (9.9+deb9u1) over (9.9) ...
Setting up base-files (9.9+deb9u1) ...
Installing new version of config file /etc/debian_version ...
Setting up libirs141:amd64 (1:9.10.3.dfsg.P4-12.3+deb9u2) ...
Setting up linux-image-amd64 (4.9+80+deb9u1) ...
Setting up gnuplot (5.0.5+dfsg1-6+deb9u1) ...
Setting up openssh-sftp-server (1:7.4p1-10+deb9u1) ...
Setting up libmagickcore-6.q16-3-extra:amd64 (8: ...
Setting up imagemagick (8: ...
Setting up libbind9-140:amd64 (1:9.10.3.dfsg.P4-12.3+deb9u2) ...
Setting up bind9utils (1:9.10.3.dfsg.P4-12.3+deb9u2) ...
Setting up bind9-host (1:9.10.3.dfsg.P4-12.3+deb9u2) ...
Setting up linux-headers-amd64 (4.9+80+deb9u1) ...
Setting up apache2 (2.4.25-3+deb9u2) ...
insserv: warning: current start runlevel(s) (empty) of script `apache-htcacheclean' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `apache-htcacheclean' overrides LSB defaults (0 1 6).
Setting up host (1:9.10.3.dfsg.P4-12.3+deb9u2) ...
Setting up bind9 (1:9.10.3.dfsg.P4-12.3+deb9u2) ...
Setting up dnsutils (1:9.10.3.dfsg.P4-12.3+deb9u2) ...
Setting up openssh-server (1:7.4p1-10+deb9u1) ...
Processing triggers for initramfs-tools (0.130) ...
update-initramfs: Generating /boot/initrd.img-4.9.0-3-amd64
cryptsetup: WARNING: failed to detect canonical device of /dev/md0
cryptsetup: WARNING: could not determine root device from /etc/fstab
W: initramfs-tools configuration sets RESUME=UUID=054b217a-306b-4c18-b0bf-0ed85af6c6e1
W: but no matching swap device is available.
I: The initramfs will attempt to resume from /dev/md1p1
I: (UUID=bf72f3d4-3be4-4f68-8aae-4edfe5431670)
I: Set the RESUME variable to override this.
Processing triggers for libc-bin (2.24-11+deb9u1) ..

Please note that while installing patches you might be prompted to install or keep existing config files:

Click to enlarge

I suggest that you reboot the Linux box to verify that update was successful or to load new Linux kernel:
$ sudo reboot
$ sudo shutdown -r now
This entry is 1 of 3 in the Applying Debian/Ubuntu Linux Security Updates/Patches series. Keep reading the rest of the series:
  1. How to apply Debian security patches
  2. How to keep Debian Linux patched with latest security updates automatically
  3. Ubuntu Enable & Setup Automatic Unattended Security Updates

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum