• Xerox Security Bulletin XRX17-024 V1.0 (PDF 298.2K)

    Xerox® FreeFlow® Print Server v2 Standalone Supports: Xerox® iGen®5 Press and Xerox® BrenvaTM HD Production InkJet Printer Products Patch Version: October 2017 Security Patch Update Includes: Java 8 Update 152, and Firefox v56.0.1 Patches

    Xerox Security Bulletin XRX17-023 V1.0 (PDF 226.2K)

    Xerox® FreeFlow® Print Server v2 Integrated Supports: Xerox® Color C60/C70 Printer Products Patch Version: October 2017 Security Patch Update

    Xerox Security Bulletin XRX17-022 V1.0 (PDF 69.3K)

    Xerox® FreeFlow® Print Server v7 and v9 Update Manager Network Delivery of: July 2017 Security Patch Cluster Java 7 Update 151

    Xerox Security Bulletin XRX17-021 V1.0 (PDF 203.2K)

    Xerox® FreeFlow® Print Server v7 and v9 Media Delivery (DVD/USB) of: July 2017 Security Patch Cluster Java 7 Update 151

    Xerox Security Bulletin XRX17-020 V1.0 (PDF 217.8K)

    Xerox® FreeFlow® Print Server v8 Update Manager Network Delivery of: July 2017 Security Patch Cluster Java 6 Update 161

    Xerox Security Bulletin XRX17-018 V1.0 (PDF 231.5K)

    Xerox® FreeFlow® Print Server v2 Standalone Supports Xerox® iGen®5 Press and Xerox® Brenva TM HD Production InkJet Printer Products

    Xerox Security Bulletin XRX16-003 V1.0 (PDF 273.6K)

    This software contains fixes for many security vulnerabilities.

    Note: Bulletin XRX16-002 is for media-based installation by a Xerox Service representative, bulletin XRX16-003 is for using Update Manager by customers internal IM staff or a Xerox Service representative.

    Xerox Security Bulletin XRX16-002 V1.0 (PDF 352.4K)

    This software contains fixes for many security vulnerabilities.

    Note: Bulletin XRX16-002 is for media-based installation by a Xerox Service representative, bulletin XRX16-003 is for using Update Manager by customers internal IM staff or a Xerox Service representative.

    Xerox Security Bulletin XRX15-007 V1.0 (PDF 301.3K)

    Software upgrade patch for Free Flow Print Server fixes numerous security CVEs. Java 6 Update 101 Software is included in this release.

    This covers Update Manager delivery of the patch.

    Xerox Security Bulletin XRX15-006 V1.0 (PDF 220.9K)

    Software upgrade patch for Free Flow Print Server fixes numerous security CVEs. Java 6 Update 101 Software is included in this release.

    This covers media delivery of the patch.

    Xerox Security Bulletin XRX14-007 V1.0 (PDF 316.3K)

    FreeFlow Print Server v6, v7, v8 and v9 DocuSP Print Server v5 Bash/Shellshock Security Patch v1.0

    Background This bulletin announces the availability of the following: 1.Bash Security Patch The Bash/Shellshock patch for FFPS is now available on the Xerox Download Server (aka DMS). The patch is available on the DMS server for all FFPS Releases v7, v8, and v9. (For FFPS v6 and DocuSP 5, refer to the section below). The patch is not mandatory but will be included in future Security Patch Cluster releases. This patch has no dependency on prior-released Security Patch Clusters.

    Security vulnerabilities that are remediated with this FFPS Security patch are: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278

    2.Guide to Using the FFPS Software Update Manager Customers can download this patch from the Xerox Download Server and install on FFPS using the FFPS Software Update Manager. This feature is included in the FFPS v7, v8, and v9 software releases. Use of the Update Manager requires that the System Administrator has some Unix/Linux/Solaris skills, and experience starting the Command Line (terminal window) tool on the FFPS UI. The announcement is on the Articles and White Papers page.

    The User Guide document is available for download at this URL: http://www.xerox.com/download/security/white-paper/eb628-5070df5f278f6/UserGuideForFFPS_SoftwareUpdateManager_Oct2014_v1.0.pdf If a customer has difficulty performing these procedures, they should contact their local Xerox Service representative for further guidance.

    Patch Installation for FFPS v6 and DocuSP v5 Because the FFPS Software Update tool is not available for the FFPS v6 and DocuSP v5 products, the patch must be provided by a Xerox CSE or Analyst. Please contact your local Xerox Service representative to request the patch file and if appropriate, schedule an action to have the patch installed. Because this patch is not mandatory and there is very little risk of vulnerability with FFPS, the action should be scheduled at a mutually-convenient time

    Xerox Security Bulletin XRX14-004 v1.0 (PDF 715.7K)

    FreeFlow Print Server v7, v8 and v9 April 2014 Security Patch Cluster

    Background Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support Contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

    This bulletin announces the availability of the following:

    1. April 2014 Security Patch Cluster This supersedes the January 2014 Security Patch Cluster 2. Java 6 Update 75 Software This supersedes Java 6 Update 71 Software

    Xerox Security Bulletin XRX14-002 v1.0 (PDF 66.9K)

    FreeFlow Print Server v7, v8 and v9 January 2014 Security Patch Cluster (includes Java 6 Update 71 Software)

    Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support Contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

    This bulletin announces the availability of the following:

    1. Jan 2014 Security Patch Cluster This supersedes the October 2013 Security Patch Cluster 2. Java 6 Update 71 Software This supersedes Java 6 Update 65 Software

    Xerox Security Bulletin XRX13-007 v1.0 (PDF 72K)

    FreeFlow Print Server v7, v8 and v9 July 2013 Security Patch Cluster (includes Java 6 Update 51 Software)

    Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support Contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

    This bulletin announces the availability of the following:

    1. July 2013 Security Patch Cluster This supersedes the April 2013 Security Patch Cluster 2. Java 6 Update 51 Software This supersedes Java 6 Update 45 Software

    Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.

    Xerox Security Bulletin XRX13-004 v1.0 (PDF 90K)

    FreeFlow Print Server v7 January 2013 Security Patch Cluster (includes Java 6 Update 39 Software) Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

    This bulletin announces the availability of the following:

    1. January 2013 Security Patch Cluster This supersedes the October 2012 Security Patch Cluster 2. Java 6 Update 39 Software This supersedes Java 6 Update 37 Software

    Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.

    Xerox Security Bulletin XRX13-003 v1.0 (PDF 88.6K)

    FreeFlow Print Server v8 January 2013 Security Patch Cluster (includes Java 6 Update 37 Software) Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

    This bulletin announces the availability of the following:

    1. January 2013 Security Patch Cluster This supersedes the October 2012 Security Patch Cluster 2. Java 6 Update 37 Software This supersedes Java 6 Update 33 Software

    Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.

    Xerox Security Bulletin XRX12-009 v1.1 (PDF 90.7K)

    FreeFlow Print Server v7.3 July 2012 Security Patch Cluster (includes Java 6 Update 33 Software) NOTE: This document has been updated to provide corrected file size and checksum information.

    Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

    This bulletin announces the availability of the following: 1. July 2012 Security Patch Cluster This supersedes the April 2012 Security Patch Cluster 2. Java 6 Update 33 Software This supersedes Java 6 Update 31 Software

    Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.

    Xerox Security Bulletin XRX12-010 v1.1 (PDF 91.2K)

    FreeFlow Print Server v8 July 2012 Security Patch Cluster (includes Java 6 Update 33 Software) v1.1 NOTE: This bulletin has been re-issued to update file size and checksum information. Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

    This bulletin announces the availability of the following: 1. July 2012 Security Patch Cluster This supersedes the April 2012 Security Patch Cluster 2. Java 6 Update 33 Software This supersedes Java 6 Update 31 Software

    Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.

    Xerox Security Bulletin XRX12-006 v1.0 (PDF 89.3K)

    FreeFlow Print Server April 2012 OS and Security Patch Cluster (includes Java 6 Update 31 Software)

    Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

    This bulletin announces the availability of the following: 1. April 2012 Security Patch Cluster This supersedes the January 2012 Security Patch Cluster 2. Java 6 Update 31 Software This supersedes Java 6 Update 29 Software

    Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.

    Xerox Security Bulletin XRX11-003 (PDF 71.8K)

    FreeFlow Print Server Oracle July 2011 CPU OS and Security Patch Cluster (includes Java 6 Update 26 Software) Oracle delivers quarterly Critical Patch Updates (CPU) to address US-CERT-announced Security vulnerabilities and deliver reliability improvements to the Solaris Operating System. Oracle no longer provides these patches to the general public, but Xerox is authorized to deliver them to Customers with active FreeFlow Print Server (FFPS) Support contracts (FSMA). Xerox customizes the patch deliveries as appropriate to each FFPS Product family, and tests the CPU patches on each supported SPAR Release prior to delivery. Customers who may have an Oracle Support Contract for their non-FFPS Solaris Servers should not install patches that have not been customized by Xerox. Otherwise the FFPS software could be damaged and result in downtime and a lengthy re-installation service call.

    Consult the bulletin to see all the CVE vulnerabilities this bulletin fixes.