RSS Feed: Xerox Security Bulletins
Feed Content
Xerox Security Bulletin XRX12-004 V1.0
Mon May 7 08:00:33 2012
The vulnerability documented in CVE-2011-3192 exists in the Web Server of the WorkCentre 5135/5150 and the WorkCentre 5632/5638/5645/5655/5665/5675/5687 models. If exploited, the vulnerability could allow remote attackers to create a Denial of Service on the device.
A software solution (patch P50) is provided below. This solution is designed to be installed by the customer. Please follow the procedures in the bulletin to install the solution to protect your product from possible attack through the network.
The software solution is compressed into a 5.2 MB zip file and can be accessed via the link below or via the link following this bulletin announcement on www.xerox.com/security.
cert_P50v2_WC56xx08_Patch (zip archive 5.2M)
Xerox Security Bulletin XRX12-002 v1.1
Wed Mar 7 21:53:02 2012
FreeFlow Print Server (version 7.3)
Oracle January 2012 CPU OS and Security Patch Cluster (includes Java 6 Update 29 Software)
NOTE: We have released a new version of this bulletin to correct file size specifications and checksum information. No other technical information has been changed.
Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Xerox customizes the patch deliveries as appropriate to each FFPS Product family, and tests the CPU patches on each supported SPAR Release prior to delivery. Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise, the FFPS software could be damaged, resulting in downtime and a lengthy re-installation service call.
Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.
Xerox Security Bulletin XRX12-003 v1.1
Wed Mar 7 10:22:17 2012
NOTE: We are re-issuing this bulletin due to a spelling error in the name of one of the researchers. No technical content in the bulletin has changed.
Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specially crafted PostScript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.
As part of Xerox’s ongoing efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links for the software needed are contained inside the bulletin.