RSS Feed: Xerox Security Bulletins
Xerox Security Bulletin XRX13-006 v1.3
Thu Nov 7 08:19:14 2013
NOTE: This bulletin has been updated to correct a software procedure error in the ColorQube 93XX devices. Contact Xerox Technical Support to obtain system software release 071.180.203.06400 and the instructions for installing this release; if your current system software release is 061.180.223.11601 or less, there are interim steps that have to be followed before you can upgrade your device to system software release 071.180.203.06400. A new version of the bulletin will be published once the new information becomes available.
Cumulative update for Common Criteria Certification
System Software Versions listed below for the WorkCentre 5845/5855/5865/5875/5890, WorkCentre 7220/7225, WorkCentre 7830/7835/7845/7855 and ColorQube 9301/9302/9303 models are cumulative updates that incorporate security vulnerability fixes up through 06 March 2013 as well as other non-security related defect fixes. These four releases are Common Criteria certified (see http://www.xerox.com/information-security/common-criteria-certified/enus.html).
These system software releases for the products listed are designed to be installed by the customer. Please follow the procedures in the bulletin document to install the solution. The system software versions are full system releases so the patch criticality rating is not applicable.
These software releases are compressed into zip files and can be accessed via the links in the bulletin document.
Xerox Security Bulletin XRX13-008 v1.0
Thu Oct 24 07:08:33 2013
Software Release to Eliminate Unauthorized Access
Note: This bulletin has been re-issued to correct a typographical error in the URL string for one of the product ZIP files.
The Xerox products ColorQube 9201/9202/9203, WorkCentre 6400, WorkCentre 7525/7530/7535/7545/7556, and WorkCentre 7755/7765/7775 contain code for implementing a remote protocol that could be exploited to gain unauthorized access to the device.
The software release indicated in the bulletin will perform the following action:
Remove the affected code that unintentionally created the unauthorized access potential.
A software release for the products listed has been provided. This release is designed to be installed by the customer. The software release is contained in a zip file and can be accessed via the links in this bulletin announcement or on www.xerox.com/security.
Xerox Security Bulletin XRX13-007 v1.0
Tue Aug 27 14:41:07 2013
FreeFlow Print Server v7, v8 and v9
July 2013 Security Patch Cluster (includes Java 6 Update 51 Software)
Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to customers with active FreeFlow Print Server (FFPS) Support Contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged, resulting in downtime and a lengthy re-installation service call.
This bulletin announces the availability of the following:
1. July 2013 Security Patch Cluster
This supersedes the April 2013 Security Patch Cluster
2. Java 6 Update 51 Software
This supersedes Java 6 Update 45 Software
Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.