RSS Feed: Xerox Security Bulletins
Xerox Security Bulletin XRX13-005 v1.0
Thu Apr 11 13:30:31 2013
Cumulative update for Common Criteria Certification
System Software Version 061.090.221.36202 for the WorkCentre 7755/7765/7775 models is a cumulative update that incorporates security vulnerability fixes up through 19 Oct 2012 as well as other non-security related defect fixes. This release is Common Criteria certified (see http://www.xerox.com/information-security/common-criteria-certified/enus.html).
This system software release for the products listed is designed to be installed by the customer. Please follow the procedures in the bulletin document to install the solution. This system software version is a full system release so the patch criticality rating is not applicable.
The software release is compressed into a 237.9 MB zip file and can be accessed via the link below or via the link contained in the bulletin announcement on www.xerox.com/security.
Xerox Security Bulletin XRX13-004 v1.0
Tue Apr 2 14:38:29 2013
FreeFlow Print Server v7
January 2013 Security Patch Cluster (includes Java 6 Update 39 Software)
Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.
This bulletin announces the availability of the following:
1. January 2013 Security Patch Cluster
This supersedes the October 2012 Security Patch Cluster
2. Java 6 Update 39 Software
This supersedes Java 6 Update 37 Software
Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.
Xerox Security Bulletin XRX12-005 V1.1
Mon Mar 25 14:30:30 2013
The Xerox devices ColorQube® 9201/9202/9203, ColorQube® 9301/9302/9303, WorkCentre® 232/238/245/255/265/275, WorkCentre® 5030/5050, WorkCentre® 5135/5150, WorkCentre® 5632/5638/5645/5655/5665/5675/5687, WorkCentre® 5735/5740/5745/5755/5765/5775/5790, WorkCentre® 6400, WorkCentre® 7525/7530/7535/7545/7556, WorkCentre® 7655/7665/7675, WorkCentre® 7755/7765/7775, WorkCentre® Bookmark 40/55, WorkCentre Pro® 232/238/245/255/265/275 were shipped with certain protocols enabled that, if properly exploited, could be used to gain
unauthorized access to the system. These particular protocols should not have been present in the production configuration and need to be removed from that configuration to minimize the possibility of unauthorized system access.
A software solution (patch P49) is provided for the products listed. This solution will remove from the production configuration the unwanted protocols in question so they can’t be exploited to gain unauthorized access to the system.
This solution is designed to be installed by the customer. The software solution is compressed into a 3 KB zip file and can be accessed via the link below or via the link following this bulletin announcement on http://www.xerox.com/security.
Software available through this link:
(zip archive 2.5K)