Xerox® FreeFlow® Print Server v9
Solaris® 10 Operating System
Xerox® iGen®4 / Xerox® iGen®4 Diamond Edition® / Xerox® iGen®150 Press
Xerox® Versant® 80/180/2100 Presses
Xerox® Color 800/100 Press / Xerox® Color 800i/1000i Press / Xerox® Color Press J75/C75 Press / Xerox® Color Press 560/570 Production Printer
Xerox® Brenva® HD Production Inkjet Press / Xerox® Impika® Compact Inkjet Press / Xerox® CiPress® 325/500 Production Inkjet System / Xerox® D95/110/125/136 Copier/Printer / Xerox® Color 8250 Production Press
Xerox® FreeFlow® Print Server v9 / Solaris® 11
Xerox® Color 800/800i/1000/1000i Digital Press and Xerox® Versant® 3100 Press
Xerox® WorkCentre® 5325/5330/5335
Xerox® Color 550/560 Printer
Xerox® Color C60/C70
Xerox® D95/D95A/D110/D125 Copier/Printer
Xerox® D136 Copier/Printer
Xerox® Versant® 180/3100 Press
All Xerox® VersaLink®
Products Affected by SHA-1 Certificate Expiration
Available Options for Continuing Remote Services
Xerox® Color® 550/560/570 Printer
SPAR Release 55.42.73
This software contains fix for Poodle vulnerability and adds support for SHA-256 hash algorithm and 2048 bit digital certificates on Color 550/560/570.
NOTE: We are re-issuing this bulletin due to a spelling error of the name of one of the researchers. No technical content in the bulletin has changed.
Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specifically crafted Postscript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.
As part of Xerox’s on-going efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links for the software needed are contained inside the bulletin.