Products Affected by SHA-1 Certificate Expiration Available Options for Continuing Remote Services
WorkCentre 4260
Security Bulletins for Xerox Products (10)
Xerox Security Bulletin XRX18X V1.0 (PDF 168.9K)
Xerox® WorkCentre® 4260
Firmware Release 30.007.11.000
Xerox Security Bulletin XRX18N V1.0 (PDF 165.7K)
Xerox® WorkCentre® 4260
Xerox Security Mini Bulletin XRX17AC V1.0 (PDF 178.3K)
Xerox® WorkCentre® 4260 General Release 30.007.01.000
Xerox Security Mini Bulletin XRX17B_V1.0 (PDF 116.2K)
WorkCentre 4260
Xerox Security Mini Bulletin XRX16Z_V1.0 (PDF 183.7K)
General release for WorkCentre 4260, contains fixes for many vulnerabilities.
Xerox Security Mini Bulletin XRX15AV_V1.0 (PDF 122.4K)
This software contains fix for Logjam and VxWorks TCP Sequence vulnerabilities on WorkCentre 4260 and 4265.
WorkCenter 4265 release also contains fix for Freak vulnerability.
Xerox Security Mini Bulletin XRX15Y_V1.0 (PDF 219.3K)
Xerox Security Mini Bulletin XRX15B V1.0 (PDF 163.8K)
Xerox Security Bulletin XRX12-003 v1.1 (PDF 185.5K)
NOTE: We are re-issuing this bulletin due to a spelling error of the name of one of the researchers. No technical content in the bulletin has changed.
Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specifically crafted Postscript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.
As part of Xerox’s on-going efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links for the software needed are contained inside the bulletin.
Information Assurance for Xerox Products (1)
WorkCentre 4250-4260 Information Assurance Disclosure Paper V1.3 (PDF 693.2K)
NOTE: This document was updated to include FIPS 140-2 information.
