I am running Debian Stable on all our servers. Debian Stable always gets security and other important updates time to time which includes Kernel Updates too. Do one have to immediately update all packages including kernel? What should be the most commonly adopted Server Update Policy?
SnapOverflow
Subscribe to the Debian Security Announce mailing list. These mails give information about the type and severity of the vulnerability the update fixes. You can use this information to determine how critical updating is in your situation.
In my experience the QA of Debian stable is good enough to install all updates immediately. Only with the kernel I postpone updating/rebooting unless it is a major security issue.
In our case, generally speaking, all security updates go on shortly after they arrive.
For public or client facing servers, make sure you apply the updated packages to a test environment first so that you can double check the update is not likely impact the services provided by those servers - if you find a problem (perhaps an app was inadvertently making use of an "undefined" behaviour that is changed by the revisions made for a security fix) then you have are forewarned and can address that issue before applying the updates to the live environment.
Unless one of the updates is for an exploit that is already circulating in the wild (these things tend to be big news, so I'd know hopefully) I do hold back a little and perhaps apply changes a day later. That avoids being one of the pioneers that get scalped by an update for which something significant was missed in testing. This is particularly true of updates to the kernel and SSHd on machines I do not have easy physical access to (i.e. in a remote DC with no KVMoIP) - those things that, if broken, could stop the machine coming back up after boot or being remotely manageable,
That depends on the environment you are operating on. If the server absolutely does not have to be 24/7/365 and some downtime is acceptable, go ahead and upgrade everything at will.
But the more critical the environment, the more careful one has to be.
When upgrading it's always important to evaluate if it's a) necessary and b) safe to perform the upgrade (does the custom application Foo still continue running even after the updates?). Do not panic & rush to upgrade everything under the sun right away, always test the updates first in some test environment.