Extreme Networks

Phend1703 · ‎07-24-2025

We have updated to latest version of Site Engine Version 25.05.12 and our CE+ audit is still showing two issues on SiteEngine.

Ubuntu Security Notification for Git Vulnerabilities (USN-7626-1)

Ubuntu Security Notification for Sudo Vulnerabilities (USN-7604-1)

https://www.tenable.com/plugins/nessus/241066

Can these be patched externally to SE Update or do we have to wait for next release ?

Any advice appreciated. Need to clear these off.

Regards

Patrick

Phend1703 · ‎07-24-2025

Thanks All. Yes we upgraded via the .bin-based upgrade process.

I will open a case and put on the resolution.

Robert_Haynes · ‎07-24-2025

Hello Patrick.

Officially you should open a case with GTAC support if you wish to pursue review and remediation for vulnerability response for Extreme products.

If you perform .bin-based upgrades of Site Engine from release to release on the next .bin-based upgrade both the above should be resolved (the packages on the OS will be updated). If you perform local upgrades (i.e. no internet) then these will not be resolved until a future release.

While it is possible for one to access the Ubuntu OS under-the-hood and try to upgrade these packages, this process from a customer/user standpoint is discouraged simply because there's no control over what other packages you may install or remove inadvertently during this process.

To help ensure both are tracked in a future release, open a case.

Zdeněk_Pala · ‎07-24-2025

Hi,

both these are quite new. Please open PSIRT ticket with GTAC.

Regards Zdeněk Pala

Extreme Networks

Ubuntu Security Notification on Site Engine Version 25.05.12

Ubuntu Security Notification on Site Engine Version 25.05.12