Contact
Site: US UK AU |
Nexcess Blog

Important Magento Security Update

July 5, 2012 1 Comment RSS Feed

Important Magento Security Update

Magento recently posted an important security update that affects all versions prior to CE 1.7.0.2 and EE 1.12.0.2. The vulnerability is specifically in the Zend Framework’s Zend_XmlRpc module, which means that any application built on the Zend Framework is potentially vulnerable. See: ZF2012-01

Nexcess implements a Web Application Firewall that should offer protection from this vulnerability, however, it is imperative that you patch your Magento software immediately to be completely safe. Here is what you need to do to patch your Magento application:

1. Download the appropriate patch from Magento’s website for your version:

2. Upload the patch to your Magento root directory via FTP or Siteworx File Manager.
3. Log in to your SSH account, change to your Magento root directory, and run the patch command:

$ patch -b -p0 &lt; CE_1.5.0.0-1.7.0.1.patch<br />
patching file lib/Zend/XmlRpc/Response.php<br />
patching file lib/Zend/XmlRpc/Request.php

4. You may need to clear the Magento cache or re-compile if you are using the Mage_Compiler.

Note: The latest versions of Magento CE (1.7.0.2) and EE (1.12.0.2) have already been patched for this vulnerability.

If you have any questions or would like any assistance with this, please do not hesitate to contact us at support@nexcess.net.

Posted in: Magento, Nexcess, Security