Xerox Security Bulletins
Xerox Security Bulletin Summary 2004 / 2005 / 2006 / 2007 / 2008
Refer to the Xerox Office Group Security Patch Criticality Ratings document for a description of the Security Patch Rating system used for security patches to Xerox office products (as of December 2007).

Refer to the "How to Upgrade, Patch or Clone Xerox Multifunction Devices" Customer Tips document for a description of how to perform remote upgrades, apply patches, and send clone files.
2008
Xerox Security Bulletin XRX08-008(PDF, 39KB)
CentreWare Web has been found to be vulnerable to a set of potential SQL Injection and Cross Site Scripting vulnerabilities. If exploited, these vulnerabilities could allow an attacker to make unauthorized changes to CentreWare Web or asset data, or redirect user browsing sessions.
July 9, 2008
Xerox Security Bulletin XRX08-007(PDF, 44KB)
A persistent cross site scripting vulnerability exists in the web server of the Xerox 4110 Copier/Printer, the Xerox 4590 Copier/Printer, and the Xerox 4595 Copier/Printer. If exploited, this vulnerability could allow code injection by malicious web users into the web pages viewed by other users.
Download Install Instructions (PDF, 845MB)
Download Software Update for Xerox 4110/4590/4595 (zip archive, 28MB)
June 12, 2008
Xerox Security Bulletin XRX08-006(PDF, 42KB)
A vulnerability exists in the Web Services of the WorkCentre 7655/7665/7675 when attempting to access the Extensible Interface Platform feature under certain conditions. If exploited, this vulnerability could allow an attacker unauthorized access to make changes to the system configuration.
Download Software Update for WorkCentre 7655/7665/7675 (zip archive, 20MB)
June 12, 2008
Xerox Security Bulletin XRX08-005(PDF, 1MB)
A persistent cross site scripting vulnerability exists in the web server of the WorkCentre M123/M128, WorkCentre 133, WorkCentre Pro 123/128 and WorkCentre Pro 133. If exploited, this vulnerability could allow code injection by malicious web users into the web pages viewed by other users.
Download Software Update. Refer to the XRX08-005 Security Bulletin to determine which file to download.
Group 1 Languages Standard Executable (zip archive, 16MB)
Group 1 Languages with Postscript Executable (zip archive, 21MB)
Group 2 Languages Standard Executable (zip archive, 16MB)
Group 2 Languages with Postscript Executable (zip archive, 21MB)
Group 3 Languages Standard Executable (zip archive, 15MB)
Group 3 Languages with Postscript Executable (zip archive, 21MB)
June 12, 2008
Xerox Security Bulletin XRX08-004(PDF, 1MB)
A persistent cross site scripting vulnerability exists in the web server of the WorkCentre 7132 and WorkCentre 7228/7235/7245. If exploited, this vulnerability could allow code injection by malicious web users into the web pages viewed by other users.
Download Software Update. Refer to the XRX08-004 Security Bulletin to determine which file to download.
WorkCentre 7132 Standard Executable (zip archive, 22MB)
WorkCentre 7132 Standard Binary (zip archive, 20MB)
WorkCentre 7132 with Postscript Executable (zip archive, 27MB)
WorkCentre 7132 with Postscript Binary (zip archive, 25MB)
WorkCentre 7228/7235/7245 Executable (zip archive, 41MB)
WorkCentre 7228/7235/7245 Binary (zip archive, 39MB)
May 22, 2008
Xerox Security Bulletin XRX08-003(PDF, 27KB)
As part of Xerox’s ongoing efforts to protect customers, a patch is being provided for customers interested in the Common Criteria Certified version, 21.113.02.000, for the WorkCentre 56xx products. The patch adds improved audit logging to meet the requirements of NIAP Policy #15.
Download Software Update for WorkCentre 56xx products (zip archive, 20MB)
March 28, 2008
Xerox Security Bulletin XRX08-001(PDF, 44KB)
Vulnerabilities exist in the ESS/Network Controller that, if exploited, could allow remote attackers to execute arbitrary code via specially crafted Remote Procedure Call (RPC) requests.
Download Software Update for WorkCentre 232/238/245/255/265/275, WorkCentre Pro 232/238/245/255/265/275, and WorkCentre 7655/7665 (zip archive, 8MB)
January 4, 2008
2007
Xerox Security Bulletin XRX07-002(PDF, 42KB)
A command injection vulnerability exists in the ESS/Network Controller and MicroServer Web Server. If exploited, this vulnerability could allow remote execution of arbitrary software.
Download Software Update for WorkCentre 232/238/245/255/265/275, WorkCentre Pro 232/238/245/255/265/275, and WorkCentre 7655/7665 (zip archive, 1.1MB)
October 15, 2007
Xerox Security Bulletin XRX07-001(PDF, 39KB)
A command injection vulnerability exists in the ESS/Network Controller that, if exploited, could allow remote execution of arbitrary software, forgery of digital certificates, or initiation of Denial of Service attacks.
Download Software Update (zip archive, 990KB)
August 30, 2007 - Original Release: June 29, 2007
2006
Xerox Security Bulletin XRX06-007(PDF, 45KB)
A command injection vulnerability exists in the ESS/Network Controller and MicroServer Web Server. If exploited, this vulnerability could allow remote execution of arbitrary software.
This bulletin has been rescinded and is no longer valid. Download Permanently Unavailable
October 15, 2007 - Original Release: December 13, 2006
Xerox Security Bulletin XRX06-006(PDF, 42KB)
Cumulative update to address multiple security vulnerabilities
July 26, 2007 - Original Release: November 30, 2006
Xerox Security Bulletin XRX06-005(PDF, 144KB)
Vulnerability in the ESS/Network Controller and MicroServer Web Server could allow remote execution of arbitrary software.
This bulletin has been superseded by XRX07-002. Download Permanently Unavailable
October 15, 2007 - Original Release: October 3, 2006
Xerox Security Bulletin XRX06-004(PDF, 43KB)
Cumulative update to address multiple security vulnerabilities
October 4, 2006
Xerox Security Bulletin XRX06-003(PDF, 20 KB)
Cumulative update for Common Criteria Assurance Maintenance. Note: This bulletin has been superseded by XRX06-006.
July 27, 2007 - Original Release: June 22, 2006
Xerox Security Bulletin XRX06-002(PDF, 44 KB)
System software versions available to address denial of service and other vulnerabilities in ESS
October 25, 2006
Xerox Security Bulletin XRX06-001(PDF, 35KB)
Vulnerabilities in the ESS/Network Controller and MicroServer Web Server could potentially permit unauthorized access. Note: This bulletin has been superseded by XRX06-003.
April 24, 2006 - Original Release: 02/20/06
2005
Xerox Security Bulletin XRX05-009(PDF, 41KB)
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access.
Download Software Update (zip archive, 518 KB)
August 10, 2005
Xerox Security Bulletin XRX05-008(PDF, 69KB)
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access.
Download Software Update (zip archive, 2759 KB)
August 10, 2005
Xerox Security Bulletin XRX05-007(PDF, 101KB)
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access.
Download Software Update (zip archive, 1683 KB)
August 25, 2005
Xerox Security Bulletin XRX05-006(PDF, 41KB)
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access.
Download Software Update (zip archive, 582 KB)
August 4, 2005
Xerox Security Bulletin XRX05-005(PDF, 36KB)
Vulnerability in the Xerox MicroServer Web Server could potentially permit unauthorized access.
Download Software Update (zip archive, 7.9MB)
Note: This patch applies to launch level software only.
April 13, 2005
Xerox Security Bulletin XRX05-004(PDF, 52KB)
Vulnerability in the Xerox MicroServer Web Server could cause a denial of service.
Download Software Update (zip archive, 2.2MB)
June 13, 2005
Xerox Security Bulletin XRX05-003(PDF, 53KB)
Vulnerability in the HTTP server on the ESS/Network Controller could potentially permit unauthorized access.
Download Software Update (zip archive, 97KB)
June 13, 2005
Xerox Security Bulletin XRX05-002(PDF, 22KB)
Vulnerability in the WorkCentre M24 scanning/faxing software could expose personal information.
January 19, 2005
Xerox Security Bulletin XRX05-001(PDF, 125KB)
Vulnerability in the ESS/Network Controller could potentially permit unauthorized access.
Download Software Update (zip archive, 8.25MB)
January 14, 2005
2004
Xerox Security Bulletin XRX04-010(PDF, 38KB)
Vulnerability in the ESS/Network Controller could potentially permit unauthorized access.
Download Software Update (zip archive, 24MB)
December 20, 2004
Xerox Security Bulletin XRX04-009(PDF, 36KB)
Vulnerability in the HTTP server on the ESS/Network Controller could potentially permit unauthorized access.
Download Software Update (PDF, 13KB)
April 13, 2004
Xerox Security Bulletin XRX04-008(PDF, 33KB)
The information provided here is consistent with the security functional claims made in the Security Target
May 2, 2005
Xerox Security Bulletin XRX04-007(PDF, 101KB)
Vulnerability in the Xerox MicroServer Web Server could cause a denial of service
Download Software Update (zip archive, 2.1 MB)
August 31, 2004
Xerox Security Bulletin XRX04-006(PDF, 103KB)
Vulnerability in the ESS/Network Controller could cause Immediate Image Overwrite to fail, with no indication, in a specific instance after an unexpected power loss.
Download Software Update (zip archive, 613 KB)
August 31, 2004
Xerox Security Bulletin XRX04-005(PDF, 65KB)
Vulnerability in the ESS/Network Controller could potentially permit unauthorized access.
Download Software Update (zip archive, 8.7 MB)
June 7, 2005
Xerox Security Bulletin XRX04-004(PDF, 99KB)
Vulnerability in the ESS/Network Controller could cause a denial of service.
Download Software Update (zip archive, 27 MB)
June 24, 2004
Xerox Security Bulletin XRX04-003(PDF, 146KB)
WorkCentre Multifunction Devices (MFD) PostScript directory traversal patch
Download Software Update (zip archive, 6 MB)
April 14, 2004
Xerox Security Bulletin XRX04-002(PDF, 116KB)
Xerox MicroServer Web Server Vulnerability
Download Software Update (zip archive, 28 MB)
March 10, 2004