XeroxÂ® FreeFlowÂ® Print Server v9 /Â SolarisÂ® 10 Operating System
XeroxÂ® iGenÂ®4 / XeroxÂ® iGenÂ®4 Diamond EditionÂ®Â Â / XeroxÂ® iGenÂ®150 Press
XeroxÂ® VersantÂ® 80/180/2100 Presses
XeroxÂ® Color 800/100 Press / XeroxÂ® Color 800i/1000i Press / XeroxÂ® Color Press J75/C75 Press / XeroxÂ® Color Press 560/570 Production Printer
XeroxÂ® BrenvaÂ® HD Production Inkjet Press / XeroxÂ® ImpikaÂ® Compact Inkjet Press / XeroxÂ® CiPressÂ® 325/500 Production Inkjet System / XeroxÂ® D95/110/125/136 Copier/Printer / XeroxÂ® Color 8250 Production Press
XeroxÂ® FreeFlowÂ® Print Server v9 / SolarisÂ® 11
XeroxÂ® Color 800/800i/1000/1000i Digital Press and XeroxÂ® VersantÂ® 3100 Press
XeroxÂ® WorkCentreÂ® 5325/5330/5335
XeroxÂ® Color 550/560 Printer
XeroxÂ® Color C60/C70
XeroxÂ® D95/D95A/D110/D125 Copier/Printer
XeroxÂ® D136 Copier/Printer
XeroxÂ® VersantÂ® 180/3100 Press
All XeroxÂ® VersaLinkÂ®
Products Affected by SHA-1 Certificate Expiration
Available Options for Continuing Remote Services
XeroxÂ® ColorÂ® 550/560/570 Printer
SPAR Release 55.42.73
This software contains fix for Poodle vulnerability and adds support for SHA-256 hash algorithm and 2048 bit digital certificates on Color 550/560/570.
NOTE: We are re-issuing this bulletin due to a spelling error of the name of one of the researchers. No technical content in the bulletin has changed.
Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specifically crafted Postscript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.
As part of Xeroxâ€™s on-going efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links for the software needed are contained inside the bulletin.