RSS-Feed: Xerox Security Bulletins

Feed-URL:   


Was ist ein RSS-Feed?

"RSS-Feed" (RSS = Really Simple Syndication) ist eine allgemeine Bezeichnung für so genannte "Syndication-Feeds" in unterschiedlichen Formaten (z. B. die auch von Xerox verwendeten Formate Atom 1.0 und RSS 2.0). Syndication-Feeds ermöglichen die Veröffentlichung von Text- und Medieninhalten. Benutzer können sie abonnieren, so dass sie immer die neuesten Inhalte erhalten.

Wie abonniere ich einen RSS-Feed?

Feeds werden in der Regel mit so genannten "Feedreadern" gelesen. Es gibt zahlreiche Feedreader-Anwendungen in unterschiedlichen Formen. So sind einige Webbrowser und E-Mail-Programme in der Lage, Feeds zu lesen. Außerdem gibt es verschiedene Feedreader-Anwendungen im Web und spezifische Desktop-Programme zum Lesen von Feeds.

Diese Seite erleichtert es Ihnen, einen Feed auf die gewünschte Weise zu abonnieren:

  • Um den Feed mit einer der links aufgeführten Online-Anwendungen zu abonnieren, klicken Sie auf das entsprechende Symbol.
  • Um den Feed mit einem Desktop-Programm zu abonnieren, klicken Sie oben auf "Feed-XML anzeigen"
  • Sie können den Feed-URL auch im obenstehenden Feld kopieren und in Ihre Feedreader-Anwendung einfügen.

Feed-Inhalt

Xerox Security Bulletin XRX14-008_V1.0
Mon Nov 10 06:32:46 2014

Xerox Security Bulletin XRX14-008
Bash Shellshock Command Line Interpreter Vulnerability
v1.0
11/10/2014


Background
A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don’t allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.

A Bash Shellshock document addressing this vulnerability has been posted to the URL www.xerox.com/security.

NOTE: Review the bulletin for a more complete list of devices.





Xerox Security Bulletin XRX14-006 V1.1
Fri Nov 7 01:59:48 2014

Xerox Security Bulletin XRX14-006
Bash Shellshock Command Line Interpreter Vulnerability
v1.1
11/07/2014


Background
A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don’t allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.

A Bash Shellshock document addressing this vulnerability has been posted to the URL www.xerox.com/security.





Xerox Security Bulletin XRX14-007 V1.0
Thu Nov 6 13:58:05 2014

FreeFlow Print Server v6, v7, v8 and v9
DocuSP Print Server v5
Bash/Shellshock Security Patch
v1.0

Background

This bulletin announces the availability of the following:
1.Bash Security Patch
The Bash/Shellshock patch for FFPS is now available on the Xerox Download Server (aka DMS). The patch is available on the DMS server for all FFPS Releases v7, v8, and v9. (For FFPS v6 and DocuSP 5, refer to the section below). The patch is not mandatory but will be included in future Security Patch Cluster releases. This patch has no dependency on prior-released Security Patch Clusters.

Security vulnerabilities that are remediated with this FFPS Security patch are:
CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278

2.Guide to Using the FFPS Software Update Manager
Customers can download this patch from the Xerox Download Server and install on FFPS using the FFPS Software Update Manager. This feature is included in the FFPS v7, v8, and v9 software releases. Use of the Update Manager requires that the System Administrator has some Unix/Linux/Solaris skills, and experience starting the Command Line (terminal window) tool on the FFPS UI.
The announcement is here:
http://www.xerox.com/information-security/information-security-articles-whitepapers/miss-enus.html

The User Guide document is available for download at this URL:
http://www.xerox.com/download/security/white-paper/eb628-5070df5f278f6/UserGuideForFFPS_SoftwareUpdateManager_Oct2014_v1.0.pdf
If a customer has difficulty performing these procedures, they should contact their local Xerox Service representative for further guidance.

Patch Installation for FFPS v6 and DocuSP v5
Because the FFPS Software Update tool is not available for the FFPS v6 and DocuSP v5 products, the patch must be provided by a Xerox CSE or Analyst. Please contact your local Xerox Service representative to request the patch file and if appropriate, schedule an action to have the patch installed. Because this patch is not mandatory and there is very little risk of vulnerability with FFPS, the action should be scheduled at a mutually-convenient time