Xerox XRX21-004 User Manual

Xerox Security Bulletin XRX21-004
Xerox® FreeFlow® Print Server v2 / Windows® 10
Install Method: USB Media Supports:
Xerox® iGen®5 Press
Xerox® BaltoroTM HF Production Inkjet Press
Xerox
®
Brenva
TM
HD Production Inkjet Press
Deliverable: January 2021 Security Patch Update Includes: OpenJDK 1.8.0-102021 Bulletin Date: February 8, 2021
1.0 Background
Microsoft® responds to US CERT advisory council notifications of Security vulnerabilities referred to as Common
Vulnerabilities and Exposures (CVE’s) and develops patches that remediate the Security vulnerabilities that are applicable
to Windows® 10 and components (e.g., Windows® Explorer®, .Net Framework®, etc.). The FreeFlow® Print Server organization has a dedicated development team, which actively review the US CERT advisory council CVE notifications, and delivers Security patch updates from Microsoft® to remediate the threat of these Security risks for the FreeFlow® Print Server v2 / Windows® v10 (supporting the Integrated and Standalone platforms)
The FreeFlow® Print Server organization delivers Security Patch Updates on the FreeFlow® Print Server v2 / Windows® v10 platform by the FreeFlow® Print Server organization on a quarterly (i.e., 4 times a year) basis. The FreeFlow® Print Server engineering team receives new patch updates in January, April, July and October, and will test them for supported Printer products (such as iGen®5 printers) prior to delivery for customer install.
Xerox tests FreeFlow® Print Server operations with the patch updates to ensure there are no software issues prior to installing them at a customer location. Alternatively, a customer can use Windows® Update to install patch updates directly from Microsoft®. If the customer manages their own patch install, the Xerox support team can suggest options to minimize the risk of FreeFlow® Print Server operation problems that could result from patch updates.
This bulletin announces the availability of the following:
1. January 2021 Security Patch Update
This supersedes the October 2020 Security Patch Update
2. Open JDK 1.8.0-012021Software
This supersedes JDK 1.8.0-102020 Software
3. Firefox v85.0 Software
This supersedes Firefox v81.0.2
See the US-CERT Common Vulnerability Exposures (CVE) list for OpenJDK 1.8.0-102021 software below:
OpenJDK 1.8.0-012021 Software Remediated US-CERT CVE’s
CVE-2020-14803
See US-CERT Common Vulnerability Exposures (CVE) for the January 2021 Security Patch Update in table below:
January 2021 Security Patch Update Remediated US-CERT CVE’s
CVE-2020-0689
CVE-2021-1653
CVE-2021-1665
CVE-2021-1679
CVE-2021-1690
CVE-2021-1702
CVE-2020-0733
CVE-2021-1654
CVE-2021-1666
CVE-2021-1680
CVE-2021-1692
CVE-2021-1704
CVE-2021-1637
CVE-2021-1655
CVE-2021-1667
CVE-2021-1681
CVE-2021-1693
CVE-2021-1706
CVE-2021-1642
CVE-2021-1656
CVE-2021-1668
CVE-2021-1683
CVE-2021-1694
CVE-2021-1708
CVE-2021-1645
CVE-2021-1657
CVE-2021-1669
CVE-2021-1684
CVE-2021-1695
CVE-2021-1709
CVE-2021-1648
CVE-2021-1658
CVE-2021-1671
CVE-2021-1685
CVE-2021-1696
CVE-2021-1710
CVE-2021-1649
CVE-2021-1659
CVE-2021-1673
CVE-2021-1686
CVE-2021-1697
CVE-2021-1650
CVE-2021-1660
CVE-2021-1674
CVE-2021-1687
CVE-2021-1699
CVE-2021-1651
CVE-2021-1661
CVE-2021-1676
CVE-2021-1688
CVE-2021-1700
CVE-2021-1652
CVE-2021-1664
CVE-2021-1678
CVE-2021-1689
CVE-2021-1701
See the US-CERT Common Vulnerability Exposures (CVE) list for the Firefox v 85.0 software below:
Firefox v85.0 Software Remediated US-CERT CVE’s
CVE-2020-15999
CVE-2020-26955
CVE-2020-26964
CVE-2020-26974
CVE-2020-35114
CVE-2021-23962
CVE-2020-16012
CVE-2020-26956
CVE-2020-26965
CVE-2020-26975
CVE-2021-23953
CVE-2021-23963
CVE-2020-16042
CVE-2020-26957
CVE-2020-26966
CVE-2020-26976
CVE-2021-23954
CVE-2021-23964
CVE-2020-16044
CVE-2020-26958
CVE-2020-26967
CVE-2020-26977
CVE-2021-23955
CVE-2021-23965
CVE-2020-26950
CVE-2020-26959
CVE-2020-26968
CVE-2020-26978
CVE-2021-23956
CVE-2020-26951
CVE-2020-26960
CVE-2020-26969
CVE-2020-26979
CVE-2021-23957
CVE-2020-26952
CVE-2020-26961
CVE-2020-26971
CVE-2020-35111
CVE-2021-23958
CVE-2020-26953
CVE-2020-26962
CVE-2020-26972
CVE-2020-35112
CVE-2021-23959
CVE-2020-26954
CVE-2020-26963
CVE-2020-26973
CVE-2020-35113
CVE-2021-23960
Note: Xerox recommends that customers evaluate their security needs periodically and if they need Security patches to address the above CVE issues, schedule an activity with their Xerox Service team to install this announced Security Patch Update. The customer can manage their own Security Patch Updates using Windows® Update services, but we recommend checking with Xerox Service to reduce risk of installing patches that have not been tested by Xerox.
2.0 Applicability
This January 2021 Security Patch Update (including OpenJDK 1.8.0-102021 software, and Firefox v85.0 Patches) is available for the FreeFlow® Print Server v2 Software Release running on Windows® v10 OS. The FreeFlow® Print Server software releases tested with the January 2021 Security Patch Update installed per printer products is illustrated below:
Printer Products
Patch Update Tested Releases
iGen®5 Press BaltoroTM HF Inkjet BrenvaTM HD Inkjet
CP.24.0.18201.0
CP.24.0.19114.0
CP.24.0.19119.0
All of the listed printer products were tested with each of the releases listed. Security of the network, devices and information on a customer network may be a consideration when deciding whether to
use the USB, or Windows® Update method of Security Patch Update delivery and install. Delivery and install of the Security
Patch Update using Update Manager may still be a concern for some highly “secure” customer locations such as US Federal
and State Government sites. Alternatively, delivery and install of Security Patch Updates from USB media may be more
Loading...
+ 2 hidden pages