topic Re: Ubuntu Security Notification on Site Engine Version 25.05.12 in ExtremeCloud IQ- Site Engine Management Center

Ubuntu Security Notification on Site Engine Version 25.05.12

Phend1703 — Thu, 24 Jul 2025 11:36:22 GMT

We have updated to latest version of Site Engine Version 25.05.12 and our CE+ audit is still showing two issues on SiteEngine.

Ubuntu Security Notification for Git Vulnerabilities (USN-7626-1)

Ubuntu Security Notification for Sudo Vulnerabilities (USN-7604-1)

https://www.tenable.com/plugins/nessus/241066

Can these be patched externally to SE Update or do we have to wait for next release ?

Any advice appreciated. Need to clear these off.

Regards

Patrick

Re: Ubuntu Security Notification on Site Engine Version 25.05.12

Zdeněk_Pala — Thu, 24 Jul 2025 12:43:07 GMT

Hi,

both these are quite new. Please open PSIRT ticket with GTAC.

Re: Ubuntu Security Notification on Site Engine Version 25.05.12

Robert_Haynes — Thu, 24 Jul 2025 12:43:51 GMT

Hello Patrick.

Officially you should open a case with GTAC support if you wish to pursue review and remediation for vulnerability response for Extreme products.

If you perform .bin-based upgrades of Site Engine from release to release on the next .bin-based upgrade both the above should be resolved (the packages on the OS will be updated). If you perform local upgrades (i.e. no internet) then these will not be resolved until a future release.

While it is possible for one to access the Ubuntu OS under-the-hood and try to upgrade these packages, this process from a customer/user standpoint is discouraged simply because there's no control over what other packages you may install or remove inadvertently during this process.

To help ensure both are tracked in a future release, open a case.

Re: Ubuntu Security Notification on Site Engine Version 25.05.12

Phend1703 — Thu, 24 Jul 2025 13:51:27 GMT

Thanks All. Yes we upgraded via the .bin-based upgrade process.

I will open a case and put on the resolution.