Patches are usually applied to source code, after which that code is compiled (and perhaps installed them). If you're working with binary packages, your only option is to see if newer packages are in the reposity and install them from there. That means basically monitoring your package manager application, in this case Up2Date I guess.
You can extend your filesystems by having backups which you surely have if it's important data, then bying more physical storage, making bigger filesystems on them and then putting the data back. That's the rough way. Or you can just use LVM if you like - if there is no problem, then there is no problem. If there is, somebody should notice it and complain about it.