===========================================================================
AUSCERT Security Bulletin

ASB-2019.0151
Xerox Security Bulletin XRX19-011 - Xerox FreeFlow Printer Server
April 2019 Security Patch Update
24 May 2019
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Xerox FreeFlow Print Server v2 (Windows 7)
Operating System:     Windows 7
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Modify Arbitrary Files          -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Cross-site Scripting            -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
Member content until: Sunday, June 23 2019

OVERVIEW

Xerox have announced the Xerox FreeFlow Print Server v2 (Windows 7)
April 2019 Security Update for:

 - Xerox Color C60/C70 Printer
 - Xerox iGen®5 Press
 - Xerox Brenva™ HD Production InkJet Printer

Products including: Java 8 Update 211, and Firefox v66.0.3 Patches. [1]

IMPACT

This security update includes fixes for numerous critical security
vulnerabilities. Complete details can be found in [1].

MITIGATION

Xerox recommends installing the suitable patch update for your server:

"Printer Product          Patch Update Tested Releases
 Color C60/C70 Printer    CP.20.1.17165.0
                          CP.22.1.18064.1
 IGen5 Press              CP.23.0.18058.0
 Brenva™ Printer          CP.22.1.18064.0
                          CP.22.1.18185.0" [1]

REFERENCES

[1] Xerox Security Bulletin XRX19-011 - Xerox® FreeFlow® Print Server v2
    (Windows 7)
    https://security.business.xerox.com/wp-content/uploads/2019/05/cert_XRX19-011_FFPSv2_Win7_SecurityBulletin_May2019.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================