RSS Feed: Xerox Security Bulletins

Feed URL:   


What is an RSS Feed?

"RSS (Really Simple Syndication) Feed" is a generic term for a variety of formats (including Atom 1.0 and RSS 2.0, both of which are used by Xerox) of what are known as "syndication feeds". Syndication feeds are a way of publishing text, media files and other content in a manner that allows users to subscribe to future updates.

How do I use an RSS Feed?

Feeds are usually read with "Feed Reader" applications. There are a variety of these applications in many forms. Some web browsers and e-mail clients can read feeds, there are a number of web-based feed reader tools and there are desktop applications dedicated to reading feeds.

This page is designed to help you subscribe to a feed, in a variety of ways:

  • To subscribe in one of the web-based tools listed to the left, just click on the icon.
  • To subscribe in a desktop application, click the "View feed XML" link above.
  • Another option is to copy and paste the feed URL from the box above into your feed reader application.

Feed Content

Xerox Security Bulletin XRX14-008_V1.0
Mon Nov 10 06:32:46 2014

Xerox Security Bulletin XRX14-008
Bash Shellshock Command Line Interpreter Vulnerability
v1.0
11/10/2014


Background
A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don’t allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.

A Bash Shellshock document addressing this vulnerability has been posted to the URL www.xerox.com/security.

NOTE: Review the bulletin for a more complete list of devices.





Xerox Security Bulletin XRX14-006 V1.1
Fri Nov 7 01:59:48 2014

Xerox Security Bulletin XRX14-006
Bash Shellshock Command Line Interpreter Vulnerability
v1.1
11/07/2014


Background
A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don’t allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.

A Bash Shellshock document addressing this vulnerability has been posted to the URL www.xerox.com/security.





Xerox Security Bulletin XRX14-007 V1.0
Thu Nov 6 13:58:05 2014

FreeFlow Print Server v6, v7, v8 and v9
DocuSP Print Server v5
Bash/Shellshock Security Patch
v1.0

Background

This bulletin announces the availability of the following:
1.Bash Security Patch
The Bash/Shellshock patch for FFPS is now available on the Xerox Download Server (aka DMS). The patch is available on the DMS server for all FFPS Releases v7, v8, and v9. (For FFPS v6 and DocuSP 5, refer to the section below). The patch is not mandatory but will be included in future Security Patch Cluster releases. This patch has no dependency on prior-released Security Patch Clusters.

Security vulnerabilities that are remediated with this FFPS Security patch are:
CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278

2.Guide to Using the FFPS Software Update Manager
Customers can download this patch from the Xerox Download Server and install on FFPS using the FFPS Software Update Manager. This feature is included in the FFPS v7, v8, and v9 software releases. Use of the Update Manager requires that the System Administrator has some Unix/Linux/Solaris skills, and experience starting the Command Line (terminal window) tool on the FFPS UI.
The announcement is here:
http://www.xerox.com/information-security/information-security-articles-whitepapers/miss-enus.html

The User Guide document is available for download at this URL:
http://www.xerox.com/download/security/white-paper/eb628-5070df5f278f6/UserGuideForFFPS_SoftwareUpdateManager_Oct2014_v1.0.pdf
If a customer has difficulty performing these procedures, they should contact their local Xerox Service representative for further guidance.

Patch Installation for FFPS v6 and DocuSP v5
Because the FFPS Software Update tool is not available for the FFPS v6 and DocuSP v5 products, the patch must be provided by a Xerox CSE or Analyst. Please contact your local Xerox Service representative to request the patch file and if appropriate, schedule an action to have the patch installed. Because this patch is not mandatory and there is very little risk of vulnerability with FFPS, the action should be scheduled at a mutually-convenient time