Sometimes I don't want to update everything on my Ubuntu, but I want to keep it up to date with all patched security holes. At the same time I don't like when updates happen automatically, like Ubuntu documentation suggests.
This is the way to apply only security fixes:
1. Copy update sources list to a new file
sudo cp /etc/apt/sources.list /etc/apt/security.sources.list
2. Comment out everything in new file, but leave only security repositories
3. Use following command to apply updates using new file:
sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list
I created an alias in my .bash_aliases for it:
alias updatesecurity='sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list'
Now I simply type updatesecurity to stay up to date.
I found this solution via ServerFault.com