Routine package updates do more than bump version numbers: they bring in security fixes, dependency fixes, driver updates, and application patches before small problems turn into broken workloads. To update Ubuntu packages from the command line, refresh APT’s package lists first, then review and apply upgrades with apt upgrade or apt full-upgrade when dependency changes need extra handling.
The same package-maintenance commands work on Ubuntu 26.04 LTS (Resolute Raccoon), 24.04 LTS (Noble Numbat), and 22.04 LTS (Jammy Jellyfish). Ubuntu 26.04 uses APT 3 while Ubuntu 24.04 and 22.04 use APT 2, so some output wording differs even when the command behavior is the same.
Update Ubuntu Packages from the Command Line
For normal maintenance, refresh package metadata and then upgrade installed packages:
sudo apt update && sudo apt upgradeThe && operator runs the upgrade only if the package-list refresh succeeds. Keep the confirmation prompt for regular desktop or server maintenance so you can review which packages APT plans to change before it proceeds.
These commands use
sudobecause package upgrades change system-owned files. If your account cannot run administrative commands yet, use a root shell or follow our guide to add a new user to sudoers on Ubuntu.
Refresh APT Package Lists
APT checks enabled package sources, including Ubuntu repositories and any third-party entries you added, and downloads fresh package metadata with apt update. This step does not install anything by itself.
sudo apt updateA fully current Ubuntu 26.04 system ends with output similar to this:
Hit:1 http://archive.ubuntu.com/ubuntu resolute InRelease Hit:2 http://archive.ubuntu.com/ubuntu resolute-updates InRelease Hit:3 http://archive.ubuntu.com/ubuntu resolute-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu resolute-security InRelease Reading package lists... Building dependency tree... Reading state information... All packages are up to date.
If the last line says N packages can be upgraded, that is not an error. It means the package index refresh worked and APT found installed packages with newer versions available.
8 packages can be upgraded. Run 'apt list --upgradable' to see them.
Upgrade Installed Ubuntu Packages
After the package lists are current, apply available upgrades with:
sudo apt upgradeapt upgrade upgrades installed packages from the enabled sources. Current APT can install new dependency packages when an upgraded package needs them, but it will not remove already installed packages. If a package upgrade requires removal, APT leaves that package back for a more deliberate dependency-resolution step.
Preview the transaction as root without changing the system when you want to inspect the plan first:
sudo apt -s upgradeOn Ubuntu 24.04 and 22.04, the simulated output uses the older APT 2 wording. Ubuntu 26.04 with APT 3 uses a shorter summary block for many package operations.
Understand apt vs apt-get on Ubuntu
Ubuntu includes both apt and apt-get. They use the same package database, but they are aimed at different jobs.
aptis the better interactive tool for terminal sessions because its output is designed for humans.apt-getis the safer default for scripts because its command-line behavior is more stable across APT releases.
The apt-get equivalent of the metadata refresh is:
sudo apt-get updateThe apt-get equivalent of the normal package upgrade is:
sudo apt-get upgradeFor manual maintenance, use apt. For repeatable scripts, automation, or runbooks that parse output, use apt-get and keep prompts explicit.
Check Which Ubuntu Packages Can Be Updated
Check the pending package list before you upgrade when you want to review kernel updates, desktop components, security libraries, or third-party packages separately.
sudo apt update
apt list --upgradableThe listing does not need sudo because it only reads package metadata. A system with pending Ubuntu 24.04 updates can show output like this:
Listing... gnome-shell-common/noble-updates 46.0-0ubuntu6~24.04.14 all [upgradable from: 46.0-0ubuntu6~24.04.13] gnome-shell/noble-updates 46.0-0ubuntu6~24.04.14 amd64 [upgradable from: 46.0-0ubuntu6~24.04.13] heif-gdk-pixbuf/noble-updates 1.17.6-1ubuntu4.3 amd64 [upgradable from: 1.17.6-1ubuntu4.2] libheif1/noble-updates 1.17.6-1ubuntu4.3 amd64 [upgradable from: 1.17.6-1ubuntu4.2]
Each line shows the package name, source pocket, new version, architecture, and installed version. To inspect one package in more detail, use apt-cache policy with the package name. The example uses gnome-shell because it appears in the sample list; replace it with a package from your own output.
apt-cache policy gnome-shellRelevant output includes the installed version, upgrade candidate, and repository source:
gnome-shell:
Installed: 46.0-0ubuntu6~24.04.13
Candidate: 46.0-0ubuntu6~24.04.14
Version table:
46.0-0ubuntu6~24.04.14 500
500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
*** 46.0-0ubuntu6~24.04.13 100
100 /var/lib/dpkg/status
For a broader inventory of installed packages, see our guide to list installed packages on Ubuntu.
Upgrade a Specific Ubuntu Package
Upgrade a single installed package when you need one fix now but want to delay the rest of the system update. Use install --only-upgrade, not apt upgrade package-name.
sudo apt install --only-upgrade bashReplace bash with the package you want to update. The --only-upgrade flag tells APT to upgrade the package only if it is already installed; it will not install a missing package by accident.
The equivalent apt-get command is:
sudo apt-get install --only-upgrade bashIf you intentionally want to install the package when it is missing, use the normal install command instead:
sudo apt install bashUse full-upgrade for Dependency Changes
Use full-upgrade when a normal upgrade leaves packages behind because the resolver would need to replace packages, remove conflicts, or make broader dependency changes that upgrade will not apply.
sudo apt update
sudo apt full-upgradeRead the transaction list carefully before confirming. full-upgrade can remove packages when that is necessary to complete the upgrade, which is why it should not be treated as a blind daily command on production systems.
The apt-get equivalent is dist-upgrade:
sudo apt-get update
sudo apt-get dist-upgradeDespite the name, dist-upgrade does not move Ubuntu from one release to another. Release upgrades use the separate do-release-upgrade workflow, such as the process covered in our guide to upgrade to Ubuntu 24.04 LTS.
Reboot after kernel, systemd, driver, or graphics stack upgrades so the running system actually uses the new components. Use
sudo rebootwhen you are ready to restart active sessions and services.
Clean Up Unused Packages and APT Cache
Old dependency packages can remain after upgrades or removals. Preview the cleanup list before removing anything:
sudo apt autoremove --dry-runUbuntu 26.04 with no cleanup work pending reports a short summary:
Reading package lists... Building dependency tree... Reading state information... Solving dependencies... Summary: Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
If the dry run lists packages you expect to remove, run the real cleanup:
sudo apt autoremoveReview the list before confirming. On reused desktops and long-lived servers, autoremove can include old kernels, desktop helper packages, or dependencies from software you removed earlier.
Clear downloaded package files from APT’s local cache when you need the disk space:
sudo apt cleanThis removes cached .deb files from /var/cache/apt/archives/. It does not uninstall packages; APT downloads the files again if you reinstall or upgrade later.
Automate or Speed Up Ubuntu Package Updates
Manual updates are still the safest default for workstations and servers where you want to review changes. For unattended security patching on systems you do not check every day, configure the built-in unattended upgrades service on Ubuntu.
If download speed is the bottleneck, install APT-Fast on Ubuntu only when parallel downloads fit your mirror and network setup. It accelerates package downloads, but APT still owns dependency resolution and installation.
Troubleshoot Ubuntu Package Update Issues
Most update failures come from an active package-manager lock, interrupted configuration, phased updates, held packages, or stale third-party repositories. Start with the symptom that matches your terminal output.
APT Lock File Is Already in Use
An APT lock error means another package process is active, often Ubuntu’s automatic updater or another terminal session. Check which process owns the lock before trying another update:
sudo fuser -v /var/lib/dpkg/lock-frontendIf the command lists an active apt, apt-get, dpkg, or unattended-upgrade process, wait for it to finish. Do not delete lock files while a package manager is running.
After an interrupted update and no active lock owner, finish pending package configuration and repair dependencies:
sudo dpkg --configure -a
sudo apt --fix-broken installPackages Are Kept Back or Deferred
Ubuntu may defer some updates through phased updates, or a package may be held manually. A simulated upgrade can show the reason before you make changes:
sudo apt -s upgradeA phased update message can look like this:
The following upgrades have been deferred due to phasing: gnome-shell gnome-shell-common heif-gdk-pixbuf heif-thumbnailer 0 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.
If the simulation shows packages kept back because removals or replacements are required, review the full-upgrade transaction instead of forcing a single package install.
Phased updates normally resolve on their own as Ubuntu rolls the update to more systems. If a package is held instead, list held packages with:
apt-mark showholdNo output means no packages are manually held. Remove a deliberate hold only when you understand why it was set:
sudo apt-mark unhold package-nameBroken Packages After an Interrupted Update
A power loss, network drop, or closed terminal can leave packages unpacked but not configured. Repair that state with:
sudo dpkg --configure -a
sudo apt --fix-broken installThe first command completes package configuration scripts that were left pending. The second lets APT install missing dependencies or remove conflicting packages needed to restore a consistent package database.
Repository Errors During apt update
Errors such as Failed to fetch, 404 Not Found, or Release file is not valid yet usually point to a stale mirror, clock skew, network trouble, or a third-party repository that no longer publishes packages for your Ubuntu release.
If only a Launchpad PPA fails while Ubuntu’s own repositories still update, remove or fix that PPA rather than masking the error. Our guide to remove a PPA from Ubuntu covers the clean source-file and package-cache workflow.
Related Ubuntu Package Management Guides
- Remove packages on Ubuntu from the command line when cleanup means uninstalling software, purging configuration files, or reviewing dependency removal.
- Install Synaptic Package Manager on Ubuntu if you want a graphical package-management interface for browsing packages and applying updates.
- List installed packages on Ubuntu when you need a package inventory before upgrades, migrations, or system rebuilds.
Conclusion
Ubuntu package maintenance is ready to run from the terminal with a predictable flow: refresh metadata, review pending upgrades, apply the right upgrade command, and clean up only after checking what APT plans to remove. Pair that habit with regular Ubuntu package inventories and careful PPA cleanup on Ubuntu.
Formatting tips for your comment
You can use basic HTML to format your comment. Useful tags currently allowed in published comments:
<code>command</code>command<strong>bold</strong><em>italic</em><blockquote>quote</blockquote>