Update Ubuntu safely with apt

What you will achieve

An updated Ubuntu system with security patches applied and a clear understanding of when reboot is required.

1) Routine updates

sudo apt update
sudo apt upgrade -y

apt update refreshes package lists. apt upgrade installs newer versions of installed packages without removing packages.

2) Full upgrades vs release upgrades

• sudo apt full-upgrade — may install or remove dependencies to resolve conflicts; use when plain upgrade stalls.
• sudo do-release-upgrade — moves between Ubuntu releases (e.g. 22.04 → 24.04). Back up first; read release notes.

3) Reboot when required

[ -f /var/run/reboot-required ] && cat /var/run/reboot-required.pkgs

Kernel or libc updates often need reboot. Schedule reboot during maintenance windows on servers.

4) Fix common APT errors

sudo apt --fix-broken install
sudo dpkg --configure -a

If a package hold is intentional: apt-mark showhold. Remove hold only when you understand why it was set.

5) Unattended security updates (servers)

Install unattended-upgrades for automatic security patches — configure /etc/apt/apt.conf.d/50unattended-upgrades to match your change policy.

Verify

apt list --upgradable
uname -r

No unexpected upgradable packages (or only ones you deferred). Services you rely on start cleanly after reboot.