I hope you're doing fine,
I'm looking for a way to install manually only security updates in an ubuntu machine
Anyone can help? thanks
While possible, this is not recommended. But here you go anyway.
The software on your Ubuntu system comes (mostly) from repositories. They're divided up into pockets and sections. The sections are main, restricted, universe and multiverse. The pockets on a typical release like Ubuntu 22.04 LTS (Jammy) are called lunar (sometimes called release) updates, security, proposed and backports.
The repositories are typically configured with a file called /etc/apt/sources.list. That might look like this at a minimum.
Note: The order and formatting may be slightly different.
deb http://archive.ubuntu.com/ubuntu lunar main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-updates main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-proposed main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
The ones with a # hash at the start are commented out. That means when updating, your package manager won't see these lines, and won't look in those pockets.
If you only want to get security updates, you can comment out every line except the ones which mention security, thus:
#deb http://archive.ubuntu.com/ubuntu lunar main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-updates main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-proposed main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu lunar-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu lunar-security main restricted universe multiverse
The byproduct of this is you won't be able to install any new software, and won't get any bug-fixes that aren't delivered as security updates. But that's what I assume you're asking for.
What this won't deal with is updates via any other package managers like snap, flatpak or other third party packaging systems like npm, pip and so on.
