Xerox Security Bulletin XRX19C (PDF 91.7K)

V1.0

Xerox® ColorQube® 8700/8900

Xerox® ColorQube® 9301/9302/9303

Xerox Security Bulletin XRX18AJ (PDF 228.3K)

V1.0

Xerox® ColorQube® 8700/8900

Xerox® ColorQube® 9301/9302/9303

SPAR Release 072.xxx.018.28400

Xerox Security Mini Bulletin XRX17AT V1.0 (PDF 283K)

Xerox® ColorQube® 8700/8900 Multifunction Printer

Xerox® ColorQube® 9301/9302/9303 Multifunction Printer

ConnectKey 1.5 SPAR Release 072.xxx.247.30500

Xerox Security Mini Bulletin XRX16O_V1.1 (PDF 113.9K)

Contains fix for CVE-2015-2808 Bar Mitzvah (RC4 removed) and CVE-2015-7547 glibc vulnerability on ColorQube 8700/8900 and 9301/9302/9303.

Xerox Security Bulletin XRX15-001 V1.1 (PDF 267.7K)

1/20/2015: Re-issued this date to remove “draft” from the file title.

Cumulative update for Common Criteria Certification

NOTE: Version 1.1 was published to fix a URL typo.

The System Software Versions for the WorkCentre 5845/5855/5865/5875/5890, WorkCentre 7220/7225, WorkCentre 7830/7835/7845/7855, ColorQube 8700/8900 and ColorQube 9301/9302/9303 models are cumulative updates that incorporate security vulnerability fixes up through 06 June 2014 as well as other non-security related defect fixes. These releases are Common Criteria certified.

The system software releases for the products are designed to be installed by the customer. Please follow the links and procedures contained in the bulletin to install the solution. The system software versions are full system releases so the patch criticality rating is not applicable.

Xerox Mini Security Bulletin XRX14B v1.1 (PDF 249K)

NOTE: This Bulletin was re-released to correct an error. No Service Call is needed for installation of this software.

ColorQube 8700/8900, ColorQube 9301/9302/9303, WorkCentre 5845/5855/5865/5875/5890, WorkCentre 7220/7225, WorkCentre 7830/7835/7845/7855

Xerox Security Bulletin XRX13-002 v1.1 (PDF 61.4K)

Cumulative update for Common Criteria Certification

System Software Version 061.080.221.36200 for the ColorQube 9201/9202/9203 Single Board Controller models is a cumulative update that incorporates security vulnerability fixes up through 06 Jan 2012 as well as other non-security related defect fixes. This release is Common Criteria certified.

This system software release for the products listed below is designed to be installed by the customer. Please follow the procedures in the bulletin to install the solution. This system software version is a full system release so the patch criticality rating is not applicable.

The software release is compressed into a 441.3 MB zip file and can be accessed via the link in this bulletin document.

Xerox Security Bulletin XRX13-006 v1.3 (PDF 101.3K)

NOTE: This bulletin has been updated to correct a software procedure error in the ColorQube 93XX devices. Contact Xerox Technical Support to obtain system software release 071.180.203.06400 and the instructions for installing this release. If your current system software release is 061.180.223.11601 or lower, there are interim steps that have to be followed before you can upgrade your device to system software release 071.180.203.06400. A new version of the bulletin will be published once the new information becomes available.

Cumulative update for Common Criteria Certification

System Software Versions listed below for the WorkCentre 5845/5855/5865/5875/5890, WorkCentre 7220/7225, WorkCentre 7830/7835/7845/7855 and ColorQube 9301/9302/9303 models are cumulative updates that incorporate security vulnerability fixes up through 06 March 2013 as well as other non-security related defect fixes. These four releases are Common Criteria certified.

These system software releases for the products listed are designed to be installed by the customer. Please follow the procedures in the bulletin document to install the solution. The system software versions are full system releases so the patch criticality rating is not applicable.

These software releases are compressed into zip files and can be accessed via the links in the bulletin document.

Xerox Security Bulletin XRX13-006 v1.2 (PDF 96.8K)

NOTE: The new version 1.2 of this bulletin has been updated to detail a software procedure error in the ColorQube 93XX devices. The process to update a ColorQube 93XX device to the Common Criteria Certified version of software may require an extra step depending on the current software version. The details are contained in the bulletin along with an updated link to the CCC version of software.

Cumulative update for Common Criteria Certification

System Software Versions listed below for the WorkCentre 5845/5855/5865/5875/5890, WorkCentre 7220/7225, WorkCentre 7830/7835/7845/7855 and ColorQube 9301/9302/9303 models are cumulative updates that incorporate security vulnerability fixes up through 06 March 2013 as well as other non-security related defect fixes. These four releases are Common Criteria certified.

These system software releases for the products listed are designed to be installed by the customer. Please follow the procedures in the bulletin document to install the solution. The system software versions are full system releases so the patch criticality rating is not applicable.

These software releases are compressed into zip files and can be accessed via the links in the bulletin document (Xerox Security Bulletin XRX13-006 v1.2) above.

Xerox Security Bulletin XRX12-005 V1.1 (PDF 103.3K)

The Xerox devices ColorQube® 9201/9202/9203, ColorQube® 9301/9302/9303, WorkCentre® 232/238/245/255/265/275, WorkCentre® 5030/5050, WorkCentre® 5135/5150, WorkCentre® 5632/5638/5645/5655/5665/5675/5687, WorkCentre® 5735/5740/5745/5755/5765/5775/5790, WorkCentre® 6400, WorkCentre® 7525/7530/7535/7545/7556, WorkCentre® 7655/7665/7675, WorkCentre® 7755/7765/7775, WorkCentre® Bookmark 40/55, WorkCentre Pro® 232/238/245/255/265/275 were shipped with certain protocols enabled that, if properly exploited, could be used to gain unauthorized access to the system. These particular protocols should not have been present in the production configuration and need to be removed from that configuration to minimize the possibility of unauthorized system access.

A software solution (patch P49) is provided for the products listed. This solution will remove from the production configuration the unwanted protocols in question so they can’t be exploited to gain unauthorized access to the system.

This solution is designed to be installed by the customer. The software solution is compressed into a 3 KB zip file and can be accessed via the link below or via the link following this bulletin announcement on the Xerox Security Site.

Software available through this link:


cert_P49v1_Patch2.zip

Xerox Security Bulletin XRX12-003 v1.1 (PDF 185.5K)

NOTE: We are re-issuing this bulletin due to a spelling error in the name of one of the researchers. No technical content in the bulletin has changed.

Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specially crafted PostScript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.

As part of Xerox’s on-going efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links for the software needed are contained inside the bulletin.

Xerox Security Bulletin XRX11-004 (PDF 73.4K)

A vulnerability exists that, if exploited, could allow remote attackers to bypass local authentication. This could occur with a specially crafted sequence of commands entered through the Web User Interface. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed. A patch file P48 is provided for the ColorQube 9301/9302/9303.


cert_CQ93xx_P48v1_Patch4.zip