RSS Feed: Xerox Security Bulletins

Feed URL:   


Wat is een RSS feed?

'RSS (Really Simple Syndication) Feed' is een verzamelbegrip voor een groot aantal formats (incl. Atom 1.0 en RSS 2.0, die beide worden gebruikt door Xerox) die bekend zijn als 'syndication feeds'. 'Syndication feeds' vormen een manier om tekst, mediabestanden en andere content te publiceren op een wijze waarop gebruikers zich kunnen aanmelden voor toekomstige updates.

Hoe gebruik ik een RSS Feed?

Feeds worden normaliter uitgelezen met 'Feed Reader' applicaties. Er is een hele reeks van dergelijke applicaties in omloop. Sommige webbrowsers en e-mail clients kunnen feeds lezen, terwijl er ook web-based feed reader tools beschikbaar zijn, alsmede desktop applicaties speciaal voor het lezen van feeds.

Deze pagina is samengesteld om u te helpen bij het aanmelden voor een feed op verschillende manieren:

  • Als u zich wilt aanmelden voor een van de web-based tools die links staan vermeld, klik dan op het pictogram.
  • Als u zich wilt aanmelden voor een desktop applicatie, klik dan op de 'View feed XML' link hierboven.
  • Een andere optie is om de feed URL te kopiëren en plakken van het veld hierboven in uw feed reader applicatie.

Feed Content

Xerox Security Bulletin XRX14-008_V1.0
Mon Nov 10 06:32:46 2014

Xerox Security Bulletin XRX14-008
Bash Shellshock Command Line Interpreter Vulnerability
v1.0
11/10/2014


Background
A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don’t allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.

A Bash Shellshock document addressing this vulnerability has been posted to the URL www.xerox.com/security.

NOTE: Review the bulletin for a more complete list of devices.





Xerox Security Bulletin XRX14-006 V1.1
Fri Nov 7 01:59:48 2014

Xerox Security Bulletin XRX14-006
Bash Shellshock Command Line Interpreter Vulnerability
v1.1
11/07/2014


Background
A vulnerability has been discovered in the Bash command shell that can allow attackers to remotely execute commands on a target system. Even systems that don’t allow remote command shell connections may still use Bash to execute commands in the Apache web server and other network-facing applications. Unix and Unix-derived systems like Linux and Mac OS X are vulnerable to these attacks since they use Bash as the default command shell.

A Bash Shellshock document addressing this vulnerability has been posted to the URL www.xerox.com/security.





Xerox Security Bulletin XRX14-007 V1.0
Thu Nov 6 13:58:05 2014

FreeFlow Print Server v6, v7, v8 and v9
DocuSP Print Server v5
Bash/Shellshock Security Patch
v1.0

Background

This bulletin announces the availability of the following:
1.Bash Security Patch
The Bash/Shellshock patch for FFPS is now available on the Xerox Download Server (aka DMS). The patch is available on the DMS server for all FFPS Releases v7, v8, and v9. (For FFPS v6 and DocuSP 5, refer to the section below). The patch is not mandatory but will be included in future Security Patch Cluster releases. This patch has no dependency on prior-released Security Patch Clusters.

Security vulnerabilities that are remediated with this FFPS Security patch are:
CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278

2.Guide to Using the FFPS Software Update Manager
Customers can download this patch from the Xerox Download Server and install on FFPS using the FFPS Software Update Manager. This feature is included in the FFPS v7, v8, and v9 software releases. Use of the Update Manager requires that the System Administrator has some Unix/Linux/Solaris skills, and experience starting the Command Line (terminal window) tool on the FFPS UI.
The announcement is here:
http://www.xerox.com/information-security/information-security-articles-whitepapers/miss-enus.html

The User Guide document is available for download at this URL:
http://www.xerox.com/download/security/white-paper/eb628-5070df5f278f6/UserGuideForFFPS_SoftwareUpdateManager_Oct2014_v1.0.pdf
If a customer has difficulty performing these procedures, they should contact their local Xerox Service representative for further guidance.

Patch Installation for FFPS v6 and DocuSP v5
Because the FFPS Software Update tool is not available for the FFPS v6 and DocuSP v5 products, the patch must be provided by a Xerox CSE or Analyst. Please contact your local Xerox Service representative to request the patch file and if appropriate, schedule an action to have the patch installed. Because this patch is not mandatory and there is very little risk of vulnerability with FFPS, the action should be scheduled at a mutually-convenient time