Ubuntu 16.04 Patching to get the latest stable version

Hi Vivek,

I have few questions regarding Ubuntu Patching. Please help me to understand by answering.

  1. Currently our Production is running with Ubuntu Version VERSION=“16.04.6 LTS (Xenial Xerus)”

    * What is the latest stable version for Ubuntu 16.04?
    
    * How often patches get released for all Linux distros? and how often I should patch Ubuntu 16.04 VMs
    
    * How do I know, which are the security patches available(I mean how do I list only security patches which are available to update)
    
    * Finally, we are looking for Patching Automation tool - which one you recommend(be it a OpenSource or with Licence)
    

Please answer for all questions and improve my knowledge on Patching process. If there is any links/docs - related to patching, please do share.

Thanks in advance,
Suresh Bichhali

  • What is the latest stable version for Ubuntu 16.04?
    Ubuntu 16.04.6 LTS. See Releases - Ubuntu Wiki

  • How often patches get released for all Linux distros? and how often I should patch Ubuntu 16.04 VMs?
    When released you need to apply updates. Sometimes we test them before applying provided that you have additional servers/vms. Either way always keep verified backups.

  • How do I know, which are the security patches available(I mean how do I list only security patches which are available to update)
    Run following command

sudo apt update
sudo apt list --upgradable

See the following pages:
https://www.cyberciti.biz/faq/ubuntu-18-04-update-installed-packages-for-security/
https://www.cyberciti.biz/faq/how-do-i-update-ubuntu-linux-softwares/

  • Finally, we are looking for Patching Automation tool - which one you recommend(be it a OpenSource or with Licence)
    You can use Ansible IT automation tool. See

https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/

1 Like

Thank you very much for quick response. Amazed!

Last year, I have upgraded all my Prod VMs running on Azure cloud to Ubuntu 16.04.6 LTS.
Now do you recommend to patch them again? As there are no further releases after 16.04.6 LTS.

When I issue the command, # sudo apt list --upgradable

Below is the output. 

$ sudo apt list --upgradable
Listing... Done
ansible/xenial 2.9.12-1ppa~xenial all [upgradable from: 2.9.7-1ppa~xenial]
apport/xenial-updates,xenial-security 2.20.1-0ubuntu2.24 all [upgradable from: 2.20.1-0ubuntu2.23]
apt/xenial-updates,xenial-security 1.2.32ubuntu0.1 amd64 [upgradable from: 1.2.32]
apt-transport-https/xenial-updates,xenial-security 1.2.32ubuntu0.1 amd64 [upgradable from: 1.2.32]
apt-utils/xenial-updates,xenial-security 1.2.32ubuntu0.1 amd64 [upgradable from: 1.2.32]
azure-cli/xenial 2.10.1-1~xenial all [upgradable from: 2.5.1-1~xenial]
base-files/xenial-updates 9.4ubuntu4.12 amd64 [upgradable from: 9.4ubuntu4.11]
bind9-host/xenial-updates,xenial-security 1:9.10.3.dfsg.P4-8ubuntu1.16 amd64 [upgradable from: 1:9.10.3.dfsg.P4-8ubuntu1.15]
ca-certificates/xenial-updates,xenial-security 20190110~16.04.1 all [upgradable from: 20170717~16.04.2]
cloud-init/xenial-updates 20.2-45-g5f7825e2-0ubuntu1~16.04.1 all [upgradable from: 19.4-33-gbb4131a2-0ubuntu1~16.04.1]
curl/xenial-updates,xenial-security 7.47.0-1ubuntu2.15 amd64 [upgradable from: 7.47.0-1ubuntu2.14]
dbus/xenial-updates,xenial-security 1.10.6-1ubuntu3.6 amd64 [upgradable from: 1.10.6-1ubuntu3.5]
dnsutils/xenial-updates,xenial-security 1:9.10.3.dfsg.P4-8ubuntu1.16 amd64 [upgradable from: 1:9.10.3.dfsg.P4-8ubuntu1.15]
file/xenial-updates,xenial-security 1:5.25-2ubuntu1.4 amd64 [upgradable from: 1:5.25-2ubuntu1.3]
kubectl/kubernetes-xenial 1.18.8-00 amd64 [upgradable from: 1.18.2-00]
libapt-inst2.0/xenial-updates,xenial-security 1.2.32ubuntu0.1 amd64 [upgradable from: 1.2.32]
libapt-pkg5.0/xenial-updates,xenial-security 1.2.32ubuntu0.1 amd64 [upgradable from: 1.2.32]
libbind9-140/xenial-updates,xenial-security 1:9.10.3.dfsg.P4-8ubuntu1.16 amd64 [upgradable from: 1:9.10.3.dfsg.P4-8ubuntu1.15]
libc-bin/xenial-updates,xenial-security 2.23-0ubuntu11.2 amd64 [upgradable from: 2.23-0ubuntu11]
libc6/xenial-updates,xenial-security 2.23-0ubuntu11.2 amd64 [upgradable from: 2.23-0ubuntu11]
libcurl3-gnutls/xenial-updates,xenial-security 7.47.0-1ubuntu2.15 amd64 [upgradable from: 7.47.0-1ubuntu2.14]
libdbus-1-3/xenial-updates,xenial-security 1.10.6-1ubuntu3.6 amd64 [upgradable from: 1.10.6-1ubuntu3.5]
libdns-export162/xenial-updates,xenial-security 1:9.10.3.dfsg.P4-8ubuntu1.16 amd64 [upgradable from: 1:9.10.3.dfsg.P4-8ubuntu1.15]
libdns162/xenial-updates,xenial-security 1:9.10.3.dfsg.P4-8ubuntu1.16 amd64 [upgradable from: 1:9.10.3.dfsg.P4-8ubuntu1.15]
libgnutls-openssl27/xenial-updates 3.4.10-4ubuntu1.8 amd64 [upgradable from: 3.4.10-4ubuntu1.7]
libgnutls30/xenial-updates 3.4.10-4ubuntu1.8 amd64 [upgradable from: 3.4.10-4ubuntu1.7]
libisc-export160/xenial-updates,xenial-security 1:9.10.3.dfsg.P4-8ubuntu1.16 amd64 [upgradable from: 1:9.10.3.dfsg.P4-8ubuntu1.15]
libisc160/xenial-updates,xenial-security 1:9.10.3.dfsg.P4-8ubuntu1.16 amd64 [upgradable from: 1:9.10.3.dfsg.P4-8ubuntu1.15]
libisccc140/xenial-updates,xenial-security 1:9.10.3.dfsg.P4-8ubuntu1.16 amd64 [upgradable from: 1:9.10.3.dfsg.P4-8ubuntu1.15]
libisccfg140/xenial-updates,xenial-security 1:9.10.3.dfsg.P4-8ubuntu1.16 amd64 [upgradable from: 1:9.10.3.dfsg.P4-8ubuntu1.15]
libjson-c2/xenial-updates,xenial-security 0.11-4ubuntu2.6 amd64 [upgradable from: 0.11-4ubuntu2]
libldap-2.4-2/xenial-updates 2.4.42+dfsg-2ubuntu3.9 amd64 [upgradable from: 2.4.42+dfsg-2ubuntu3.8]
liblwres141/xenial-updates,xenial-security 1:9.10.3.dfsg.P4-8ubuntu1.16 amd64 [upgradable from: 1:9.10.3.dfsg.P4-8ubuntu1.15]
libmagic1/xenial-updates,xenial-security 1:5.25-2ubuntu1.4 amd64 [upgradable from: 1:5.25-2ubuntu1.3]
libpam-systemd/xenial-updates 229-4ubuntu21.28 amd64 [upgradable from: 229-4ubuntu21.27]
libpython2.7-minimal/xenial-updates,xenial-security 2.7.12-1ubuntu0~16.04.12 amd64 [upgradable from: 2.7.12-1ubuntu0~16.04.11]
libpython2.7-stdlib/xenial-updates,xenial-security 2.7.12-1ubuntu0~16.04.12 amd64 [upgradable from: 2.7.12-1ubuntu0~16.04.11]
libpython3.5/xenial-updates,xenial-security 3.5.2-2ubuntu0~16.04.11 amd64 [upgradable from: 3.5.2-2ubuntu0~16.04.10]
libpython3.5-minimal/xenial-updates,xenial-security 3.5.2-2ubuntu0~16.04.11 amd64 [upgradable from: 3.5.2-2ubuntu0~16.04.10]
libpython3.5-stdlib/xenial-updates,xenial-security 3.5.2-2ubuntu0~16.04.11 amd64 [upgradable from: 3.5.2-2ubuntu0~16.04.10]
libseccomp2/xenial-updates,xenial-security 2.4.3-1ubuntu3.16.04.3 amd64 [upgradable from: 2.4.1-0ubuntu0.16.04.2]
libsqlite3-0/xenial-updates,xenial-security 3.11.0-1ubuntu1.5 amd64 [upgradable from: 3.11.0-1ubuntu1.4]
libssl1.0.0/xenial-updates,xenial-security 1.0.2g-1ubuntu4.16 amd64 [upgradable from: 1.0.2g-1ubuntu4.15]
libsystemd0/xenial-updates 229-4ubuntu21.28 amd64 [upgradable from: 229-4ubuntu21.27]
libudev1/xenial-updates 229-4ubuntu21.28 amd64 [upgradable from: 229-4ubuntu21.27]
linux-base/xenial-updates,xenial-security 4.5ubuntu1.2~16.04.1 all [upgradable from: 4.5ubuntu1.1~16.04.1]
locales/xenial-updates,xenial-security 2.23-0ubuntu11.2 all [upgradable from: 2.23-0ubuntu11]
multiarch-support/xenial-updates,xenial-security 2.23-0ubuntu11.2 amd64 [upgradable from: 2.23-0ubuntu11]
openssh-client/xenial-updates 1:7.2p2-4ubuntu2.10 amd64 [upgradable from: 1:7.2p2-4ubuntu2.8]
openssh-server/xenial-updates 1:7.2p2-4ubuntu2.10 amd64 [upgradable from: 1:7.2p2-4ubuntu2.8]
openssh-sftp-server/xenial-updates 1:7.2p2-4ubuntu2.10 amd64 [upgradable from: 1:7.2p2-4ubuntu2.8]
openssl/xenial-updates,xenial-security 1.0.2g-1ubuntu4.16 amd64 [upgradable from: 1.0.2g-1ubuntu4.15]
python-apt-common/xenial-updates 1.1.0~beta1ubuntu0.16.04.9 all [upgradable from: 1.1.0~beta1ubuntu0.16.04.8]
python2.7/xenial-updates,xenial-security 2.7.12-1ubuntu0~16.04.12 amd64 [upgradable from: 2.7.12-1ubuntu0~16.04.11]
python2.7-minimal/xenial-updates,xenial-security 2.7.12-1ubuntu0~16.04.12 amd64 [upgradable from: 2.7.12-1ubuntu0~16.04.11]
python3-apport/xenial-updates,xenial-security 2.20.1-0ubuntu2.24 all [upgradable from: 2.20.1-0ubuntu2.23]
python3-apt/xenial-updates 1.1.0~beta1ubuntu0.16.04.9 amd64 [upgradable from: 1.1.0~beta1ubuntu0.16.04.8]
python3-distupgrade/xenial-updates 1:16.04.30 all [upgradable from: 1:16.04.29]
python3-problem-report/xenial-updates,xenial-security 2.20.1-0ubuntu2.24 all [upgradable from: 2.20.1-0ubuntu2.23]
python3-software-properties/xenial-updates,xenial-security 0.96.20.10 all [upgradable from: 0.96.20.9]
python3.5/xenial-updates,xenial-security 3.5.2-2ubuntu0~16.04.11 amd64 [upgradable from: 3.5.2-2ubuntu0~16.04.10]
python3.5-minimal/xenial-updates,xenial-security 3.5.2-2ubuntu0~16.04.11 amd64 [upgradable from: 3.5.2-2ubuntu0~16.04.10]
snapd/xenial-updates,xenial-security 2.45.1ubuntu0.2 amd64 [upgradable from: 2.42.1]
software-properties-common/xenial-updates,xenial-security 0.96.20.10 all [upgradable from: 0.96.20.9]
sosreport/xenial-updates 3.9.1-1ubuntu0.16.04.1 amd64 [upgradable from: 3.9-1ubuntu0.16.04.1]
systemd/xenial-updates 229-4ubuntu21.28 amd64 [upgradable from: 229-4ubuntu21.27]
systemd-sysv/xenial-updates 229-4ubuntu21.28 amd64 [upgradable from: 229-4ubuntu21.27]
tzdata/xenial-updates,xenial-security 2020a-0ubuntu0.16.04 all [upgradable from: 2019c-0ubuntu0.16.04]
ubuntu-core-launcher/xenial-updates,xenial-security 2.45.1ubuntu0.2 amd64 [upgradable from: 2.42.1]
ubuntu-keyring/xenial-updates 2012.05.19.1 all [upgradable from: 2012.05.19]
ubuntu-release-upgrader-core/xenial-updates 1:16.04.30 all [upgradable from: 1:16.04.29]
udev/xenial-updates 229-4ubuntu21.28 amd64 [upgradable from: 229-4ubuntu21.27]

Thanks,
Suresh Bichhali

yes, you have to update them not just every year but weekly. Updates are released as security bugs are found. Remember for Linux kernel update to take place you have reboot VM/server one-by-one. Goodluck!

1 Like

Thank you Vivek. I will proceed onto Patching all my VMs.
Keep up the good work your doing and Keep Inspiring :blush: