© 2016 Xerox Corporation. All rights reserved. XEROX® and XEROX and Design®, ColorQube®, and WorkCentre® are trademarks
of Xerox Corporation in the United States and/or other countries.
Technical Support Operations
Page 1 of 3
Purpose
This Bulletin is intended ONLY for the specific security problems identified below. The problems
identified has been rated a criticality level of
IMPORTANT.
This release includes OpenSSL 1.1.0.
This SPAR release includes fix for:
CVE-2016-2177 -- OpenSSL incorrectly uses pointer arithmetic for heap-buffer boundary checks,
which might allow remote attackers to cause a denial of service.
CVE-2016-2183 - The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec
protocols and other protocols and products, are vulnerable to a birthday attack against a long-
duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC
mode, aka a "Sweet32" attack.
CVE-2015-2808 Bar Mitzvah. The RC4 algorithm, as used in the TLS protocol and SSL protocol,
does not properly combine state data with key data during the initialization phase, which makes it
easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a
stream by sniffing network traffic that occasionally relies on keys affected by the Invariance
Weakness, and then using a brute-force approach involving LSB values. RC4 has been disabled
in this release.
Software Release Details
If your software is higher or equal to the versions listed below no action is needed.
Otherwise, please review this bulletin and consider installation of this version.
Model
WorkCentre
3325
Firmware version
51.006.15.000
Link to update
Save the file to a convenient location on your workstation. Unzip the file if necessary.
Mini Bulletin XRX16AI
WorkCentre 3325
Release SMP5R1 51.006.15.000
Release Date: Nov 30, 2016 Updated: Dec 01, 2016
