New exploits are discovered just about every day in software both old and new. To combat this, software vendors release security updates, which the Ubuntu team packages up and ships as new, more secure versions of the software you’ve installed.
Supporting every version of every package ever built for Ubuntu would be an impossible task, so the Ubuntu team produces releases with defined support windows. There are two kinds: Long Term Support (LTS) releases get 5 years of server support after the release date, while regular releases get 18 months. Once a support window closes, you won’t receive security updates or be able to easily upgrade packages, so it’s important to plan your upgrades before support ends.
Here are the commonly referenced releases, their dates, and their support windows:
| Version | Name | Release Date | Support Ends |
|---|---|---|---|
| 10.04 [LTS] | Lucid Lynx | April 2010 | April 2015 |
| 9.10 | Karmic Koala | October 29, 2009 | April 2011 |
| 9.04 | Jaunty Jackalope | April 23, 2009 | October 2010 |
| 8.10 | Intrepid Ibex | October 30, 2008 | April 2010 |
| 8.04.4 [LTS] | Hardy Heron | January 28, 2010 | April 2013 |
| 8.04.3 [LTS] | Hardy Heron | July 16, 2009 | April 2013 |
| 8.04.2 [LTS] | Hardy Heron | January 22, 2009 | April 2013 |
| 8.04.1 [LTS] | Hardy Heron | July 3, 2008 | April 2013 |
| 8.04 [LTS] | Hardy Heron | April 24, 2008 | April 2013 |
| 7.10 | Gutsy Gibbon | October 18, 2007 | April 2009 |
| 7.04 | Feisty Fawn | April 19, 2007 | October 2008 |
| 6.10 | Edgy Eft | October 26, 2006 | April 2008 |
| 6.06.2 [LTS] | Dapper Drake | January 21, 2008 | June 2011 |
| 6.06.1 [LTS] | Dapper Drake | August 10, 2006 | June 2011 |
| 6.06 [LTS] | Dapper Drake | June 1, 2006 | June 2011 |
| 5.10 | Breezy Badger | October 12, 2005 | April 2007 |
| 5.04 | Hoary Hedgehog | April 8, 2005 | October 2006 |
| 4.10 | Warty Warthog | October 26, 2004 | April 2006 |
At the time of writing, the currently supported releases are 6.06, 8.04, 8.10, 9.04, and 9.10. Ubuntu 10.04 is due in April.
Your responsibilities
As a server operator, there are two things you need to know how to do: upgrade installed packages, and upgrade to the next Ubuntu release. I’ll cover both, but first let’s do a little setup to make the whole process faster.
Using a package mirror
The most time-consuming part of any update is downloading packages from remote servers. To speed things up, Xeriom Networks provides a local mirror of the software packages for 8.04, 8.10, 9.04, and 9.10. If you’re not hosted with Xeriom (why not?), ask your provider whether they offer a package mirror. If they don’t, skip this section and hope your connection is fast enough.
Setting up the mirror requires editing just one file. A straightforward editor for this is nano. Install it by connecting to your server via SSH and running:
sudo apt-get install nano --yes
Next, find out which Ubuntu release you’re running:
cat /etc/lsb-release
Match your release to the appropriate entry on this wiki page: http://wiki.xeriom.net/w/XeriomUbuntuPackagesService
Copy the text from the box that matches your release. Then open the sources list for editing:
sudo nano -w /etc/apt/sources.list
Delete all existing lines and paste in the text you copied. Save and exit with Ctrl+X.
Now tell Ubuntu to refresh its package list so it picks up the local mirror:
sudo apt-get update
You’re now using the Xeriom package mirror.
Upgrading installed software
Keeping your packages up to date is one of the most important things you can do for server security. That said, new packages can occasionally break things, so don’t set this up to run automatically. Sit down, review what’s changing, and apply updates deliberately.
First, refresh your package database to make sure you’re seeing the latest available versions:
sudo apt-get update
Then ask apt-get to upgrade your installed packages:
sudo apt-get upgrade
This calculates everything that needs upgrading, shows you the list, and asks for confirmation. Most of the time it will run smoothly, but always check what’s about to change before saying yes.
Upgrading to the next release
A full release upgrade is a bigger operation. A large number of packages will be updated, and you’ll almost certainly need to reboot (the kernel is usually among the upgraded packages), so plan for a little downtime.
You’ll need the update-manager-core package. If this is your first release upgrade, install it:
sudo apt-get install update-manager-core
Next, configure your upgrade strategy. Open the configuration file:
sudo nano -w /etc/update-manager/release-upgrades
Find the line that starts with Prompt= and set it to one of: lts, normal, or never. For example, Prompt=lts will only offer upgrades to LTS releases, giving you 5 years of support per release. Save and exit with Ctrl+X.
Before you upgrade, read the release notes for the version you’re upgrading to. Make sure you understand any known issues and caveats.
Once you’re satisfied and have scheduled a maintenance window, start the upgrade:
sudo do-release-upgrade
This will calculate the full list of package changes and ask for confirmation. Don’t just say yes – read through the list and make sure you understand what upgrading means for your setup.
If it all goes wrong
Sometimes things break. Maybe a new release has an unexpected issue, or the upgrade removes a package your application depends on. If that happens, we can create a fresh image of whatever supported release you need. Your data won’t be on the new image, of course, so make sure your backups are current before you start.