Flexible updates with Linux

Performing updates on any computer system is critical to security, as well as to fixing bugs, installing updated software versions with new features, and even getting revised documentation for installed software. I install updates frequently — at least once a week and sometimes more — primarily for security, but also for all the other reasons.

I use Fedora which has excellent tools for performing updates, as do all the mainline distros suitable for users migrating from Windows. While I usually recommend Linux Mint and Fedora, Ubuntu can also be a good choice for new Linux users, and all of them have great tools for performing updates. And yes, those tools are different.

However, this article is not about the tools, or whether you should do updates from the command line interface (CLI) or a graphical user interface (GUI). Those details are not relevant to the point I want to make, although I’ll use Fedora’s DNF5 package management tool in the examples. And it sort of does turn into a deep dive into the dnf command.

Flexibility

My point today is about flexibility. That is, the complete flexibility I have when installing updates on my Linux systems, especially my server and the system I use as a firewall and router. Flexibility is an important consideration when performing updates to your operating system.

Today — as I write this — most of my systems had over 200 updates to install. Most were for bug fixes, functional or performance enhancements, and even one security patch. There are 5 Types of updates with 5 levels of Severity.

The Types:

  • Security
  • Bugfix
  • Enhancement
  • Newpackage
  • Minimal

The levels of Severity:

  • Critical
  • Important
  • Moderate
  • Low
  • None

For example, you can print a summary of the updates available and their level of importance. Note that this doesn’t summarize all of the packages that are available for updates but it does list the ones that have a severity of greater than None. The commands used in these examples must be performed as root.

# dnf updateinfo summary
Updating and loading repositories:
Repositories loaded.
Available advisory information summary:
  Security    : 14
    Critical  : 1
    Important : 3
    Moderate  : 9
    Low       : 1
    Other     : 0
  Bugfix      : 69
  Enhancement : 30
  Other       : 20

I really like the fact that my CLI tools can also tell me how many of each category of updates there are. But they can also tell us so much more.

Here you can see a command that lists all of the packages that are available to update. This sample is greatly pruned to show only a few of the more than 400 packages in this particular list.

# dnf updateinfo list
Updating and loading repositories:
Repositories loaded.
Name                   Type        Severity        Package                             Issued
FEDORA-2025-00c6ca1044 enhancement Moderate        sudo-1.9.17-6.p2.fc43.x86_64        2025-11-06 02:39:59
FEDORA-2025-0316c6173b bugfix      None            iptables-libs-1.8.11-12.fc43.x86_64 2025-11-01 01:41:04
FEDORA-2025-0316c6173b bugfix      None            iptables-nft-1.8.11-12.fc43.x86_64  2025-11-01 01:41:04
FEDORA-2025-04cb513f17 bugfix      Low             libsecret-0.21.7-7.fc43.x86_64      2025-11-06 02:39:59
FEDORA-2025-051a5d5762 bugfix      None            libldb-2:4.23.3-1.fc43.x86_64       2025-11-11 00:49:05
FEDORA-2025-22ddd517b6 unspecified None            SDL3-3.2.24-1.fc43.x86_64           2025-10-31 00:49:56
FEDORA-2025-22fd93478b security    Moderate        xen-libs-4.20.1-8.fc43.x86_64       2025-10-28 00:58:14
FEDORA-2025-22fd93478b security    Moderate        xen-licenses-4.20.1-8.fc43.x86_64   2025-10-28 00:58:14
FEDORA-2025-27ed0e6013 unspecified None            igvm-libs-0.4.0-5.fc43.x86_64       2025-11-07 02:12:16
FEDORA-2025-2d9e01e0fc security    Critical        firefox-145.0-2.fc43.x86_64         2025-11-13 00:50:21
FEDORA-2025-cf4f628312 security    Important       libsss_certmap-2.11.1-4.fc43.x86_64 2025-10-25 20:54:13
FEDORA-2025-cf4f628312 security    Important       libsss_idmap-2.11.1-4.fc43.x86_64   2025-10-25 20:54:13

A normal update with the command dnf -y upgrade would install all of these updates. If you look closely at the list, you can see that some of the entries share the same advisory name in the Name column, because many of the named updates contain more than one package. You can list the packages for a named update.

# dnf updateinfo list FEDORA-2025-0316c6173b
Updating and loading repositories:
Repositories loaded.
Name                   Type   Severity    Package                             Issued
FEDORA-2025-0316c6173b bugfix None        iptables-libs-1.8.11-12.fc43.x86_64 2025-11-01 01:41:04
FEDORA-2025-0316c6173b bugfix None        iptables-nft-1.8.11-12.fc43.x86_64  2025-11-01 01:41:04

You can use the dnf -y upgrade --advisories=FEDORA-2025-0316c6173b command to install all the packages (both, in this case) in just this one bugfix advisory. You can also install updates for a specific list of advisories by name or severity, by Bugzilla ID, or by CVE ID. Options also include the ability to install all packages of a specific update type, such as security or bugfix.
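An added example (not from the original article) that triages a dnf updateinfo list listing before anything is installed: it groups the security rows by advisory, keeps those at or above a chosen severity, and prints the one upgrade command that would install just those advisories. The function names are hypothetical, the sample listing is constructed from rows shown above, and the printed command assumes DNF5's --advisories= option.

```shell
#!/bin/sh
# Added example, not from the article. SAMPLE_LIST is constructed from rows
# of the `dnf updateinfo list` output shown above.
SAMPLE_LIST='Name                   Type        Severity        Package                             Issued
FEDORA-2025-00c6ca1044 enhancement Moderate        sudo-1.9.17-6.p2.fc43.x86_64        2025-11-06 02:39:59
FEDORA-2025-0316c6173b bugfix      None            iptables-libs-1.8.11-12.fc43.x86_64 2025-11-01 01:41:04
FEDORA-2025-22fd93478b security    Moderate        xen-libs-4.20.1-8.fc43.x86_64       2025-10-28 00:58:14
FEDORA-2025-22fd93478b security    Moderate        xen-licenses-4.20.1-8.fc43.x86_64   2025-10-28 00:58:14
FEDORA-2025-2d9e01e0fc security    Critical        firefox-145.0-2.fc43.x86_64         2025-11-13 00:50:21
FEDORA-2025-cf4f628312 security    Important       libsss_certmap-2.11.1-4.fc43.x86_64 2025-10-25 20:54:13
FEDORA-2025-cf4f628312 security    Important       libsss_idmap-2.11.1-4.fc43.x86_64   2025-10-25 20:54:13'

# security_advisories MIN_SEVERITY   (hypothetical helper)
# Reads the listing on stdin and prints "ID severity package-count" for each
# security advisory at or above MIN_SEVERITY, most severe first.
security_advisories() {
  min=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  case "$min" in
    low|moderate|important|critical) ;;
    *) echo "unknown severity: $1" >&2; return 2 ;;
  esac
  awk -v min="$min" '
    BEGIN { rank["low"] = 1; rank["moderate"] = 2
            rank["important"] = 3; rank["critical"] = 4 }
    # Header and status lines never have "security" in the Type column.
    NF >= 4 && tolower($2) == "security" {
      r = rank[tolower($3)] + 0          # None or unknown severities rank 0
      if (r >= rank[min]) { sev[$1] = $3; lvl[$1] = r; count[$1]++ }
    }
    END { for (id in sev) printf "%d %s %s %d\n", lvl[id], id, sev[id], count[id] }
  ' | sort -k1,1nr -k2,2 | cut -d" " -f2-
}

# upgrade_command MIN_SEVERITY   (hypothetical helper)
# Prints, but does not run, the command that installs only those advisories.
upgrade_command() {
  ids=$(security_advisories "$1" | cut -d" " -f1 | paste -sd, -) || return
  [ -n "$ids" ] || { echo "no matching advisories" >&2; return 1; }
  printf 'dnf -y upgrade --advisories=%s\n' "$ids"
}

# Demo on the constructed sample: review the advisories, then the command.
printf '%s\n' "$SAMPLE_LIST" | security_advisories important
printf '%s\n' "$SAMPLE_LIST" | upgrade_command important
```

On a live system, pipe the real listing in instead of the sample, for example dnf updateinfo list | upgrade_command important, and review the printed command before running it as root.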

And, of course, you do get to choose when to install any or all updates, and when to perform a reboot on the updated systems. The reboot can be delayed for hours or days.

When should you reboot?

But how do you know when to reboot? I used to base my answer to that question on whether certain major packages were updated, such as the kernel, systemd, or glibc. But now there’s a tool for that.

After performing an update, you can use the command below to determine whether a reboot is required or not.

# dnf needs-restarting
Updating and loading repositories:
Repositories loaded.
Core libraries or services have been updated since boot-up:
* kernel
* kernel-core
* kernel-modules
* kernel-modules-core
* kernel-modules-extra
* kernel-tools
* kernel-tools-libs
* plasma-activities
* plasma-activities-stats
* python3-perf

Reboot is required to fully utilize these updates.
More information: https://access.redhat.com/solutions/27943

In this instance, one of my Fedora VMs needed a reboot, so I did it right away. If this command says you don’t need to reboot, you really don’t need to.

The Caveats

That all gives a maximum amount of flexibility, but it also requires some warnings.

First and foremost, you should install all updates as they become available and reboot your systems as soon as possible when needed. This ensures that the system remains stable and fully functional. Unpatched systems will become infected by malware and be used to spread that malware even further. Installing only a few updates will eventually lead to a state in which the packages that were not updated will fail to work properly with the updated ones.

So you should do a complete upgrade as soon as possible after performing a partial one. And do the reboot at the same time if one is required, or as soon as possible after.

I usually do updates sometime during the day and reboot all the systems that need it immediately. I also update my server and firewall/router at the same time as my other systems. I then wait until the number of on-line visitors to my web site is zero or very small to do the reboot for the server and firewall/router.

Regular users

I’ve been discussing the command line interface in this article, things that SysAdmins would use to do more complex tasks related to updates than most users would do. However, all the desktops I’ve tried have their own GUI tools that less experienced users can employ to install and remove software as well as to perform updates.

Those software management tools are tied to the desktop, such as Xfce, KDE Plasma, MATE, and so on, rather than the distributions. In my experience, all of the GUI tools I’ve tried can be used on any desktop. So if you don’t like DNFDragora, which is the default on the Xfce desktop, you can install and switch to “Discover,” which is the default for KDE Plasma.

Final thoughts

The DNF tool we use to install and update software on Fedora Linux is powerful and provides maximum flexibility. It allows us to install only the updates we want or need. It allows us to choose by package name, by advisory name or severity, the CVE ID, and more. It allows us to perform the installations and then reboot the updated systems immediately or later at a time of our choosing.

Tools like apt or apt-get for Debian, Ubuntu, Linux Mint, and others, have many of these same functions and capabilities.

That means we can do updates during regular working hours while the computers are running and busy, without interrupting the flow of business. Then we can reboot — if necessary — at a time when it’s convenient and won’t cause interruptions for us or our customers.

And Linux will never start an update while we’re in the middle of a presentation or working on an important spreadsheet with a critical deadline. We get to choose when to do updates, which updates to perform, and when to reboot — if that’s even necessary.

Linux is just another word for freedom.
