No Automatic Updates in Ubuntu Server
Given the importance of patching to maintain system security, you might be surprised to learn that Ubuntu Server doesn't have any specific mechanism for automatically downloading and installing security updates. I can explain why in two words: change control.
On a production server that does real work, it's a bad idea to apply any patches, even security updates, until after you've tested them on a similar server in a lab to make sure they don't break anything. Sure, you can run the commands aptitude -y update, aptitude -y upgrade, aptitude -y dist-upgrade and aptitude -y autoclean from a cron job each night. But that -y option, which allows aptitude to run unattended, also might cause a package update to overwrite some custom configuration file with a default configuration.
On a server, you're better off running these commands manually as needed, without the -y option (after first doing so on a test system if you run in a change-controlled environment). That way, you'll be prompted before any configuration files are overwritten, and you'll be able to observe firsthand the changes aptitude makes to your system as they happen. Subscribe to the ubuntu-security-announce mailing list (via
www.ubuntu.com/support/community/mailinglists) to receive e-mail notifications of security patches as they're made available.