SUPEE-6285
Magento has released a new security patch, SUPEE-6285, for versions 1.6 and newer.
The vulnerabilities
This bundle includes protection against the following security-related issues:
- Customer Information Leak via RSS and Privilege Escalation
- Request Forgery in Magento Connect Leads to Code Execution
- Cross-site Scripting in Wishlist
- Cross-site Scripting in Cart
- Store Path Disclosure
- Permissions on Log Files too Broad
- Cross-site Scripting in Admin
- Cross-site Scripting in Orders RSS
What you need to do
You must apply this new security patch as soon as possible. It can be downloaded from https://www.magentocommerce.com/download
You can either patch the store yourself using the instructions below, or submit a (chargeable) maintenance support ticket at https://www.theclientarea.info where our support team can apply the patch on your behalf (est. 5-10 mins application time).
Instructions
- Download the appropriate version of the patch for your store from https://www.magentocommerce.com/download
- After downloading the patch, upload it to your Magento document root
- Log in via SSH as www-data
ssh www-data@acc.magestack.com
- Change directory to your Magento installation (replace the path as necessary), e.g.
cd /microcloud/domains/example/domains/example.com/http
- Execute the patch by running `bash` followed by the patch filename, e.g.
bash PATCH_SUPEE-6285_CE_1.7.0.2_v1-2015-07-07-09-09-08.sh
- If the patch was applied successfully, you should see the following:
Checking if patch can be applied/reverted successfully...
Patch was applied/reverted successfully.
- After patch application, thoroughly test your store including customer account registration and the full checkout process.
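To confirm afterwards that the patch is still recorded as applied (and was not later reverted), the check below can be run from the same SSH session. It is an added example, not part of the original instructions or of Magento's patch script. It assumes the patch script logs each run as a line in app/etc/applied.patches.list, with a trailing "| REVERTED" on revert runs; `patch_state`, `make_sample_root`, the SUPEE-0001 id and the sample entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Report whether a SUPEE patch is currently recorded as applied in a Magento 1 root.
# Assumed entry format (one header line per patch run, followed by patch output):
#   <date> | SUPEE-NNNN | <edition_version> | <revision> | ... [| REVERTED]

# patch_state <magento_root> <patch_id>
# Prints applied | reverted | missing | no-list; exit status 0 only for "applied".
patch_state() {
    local list id last
    list="$1/app/etc/applied.patches.list"
    id="$2"
    [ -r "$list" ] || { echo "no-list"; return 2; }
    # A patch can be applied, reverted and re-applied: only its latest entry counts.
    last=$(grep -E "\| *${id} *\|" "$list" | tail -n 1)
    if [ -z "$last" ]; then
        echo "missing"
        return 1
    fi
    case "$last" in
        *"| REVERTED"*) echo "reverted"; return 1 ;;
        *)              echo "applied";  return 0 ;;
    esac
}

# Build a throwaway Magento-like root holding a constructed patch list, so the
# check can be tried offline. Prints the path of the temporary root.
make_sample_root() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/app/etc"
    cat > "$root/app/etc/applied.patches.list" <<'EOF'
2015-07-01 09:00:00 UTC | SUPEE-0001 | CE_1.7.0.2 | v1 | constructed-entry
patching file app/Mage.php
2015-07-02 09:00:00 UTC | SUPEE-0001 | CE_1.7.0.2 | v1 | constructed-entry | REVERTED
2015-07-08 10:00:00 UTC | SUPEE-6285 | CE_1.7.0.2 | v1 | constructed-entry
2015-07-08 10:05:00 UTC | SUPEE-6285 | CE_1.7.0.2 | v1 | constructed-entry | REVERTED
2015-07-08 10:10:00 UTC | SUPEE-6285 | CE_1.7.0.2 | v1 | constructed-entry
EOF
    echo "$root"
}

# When called with arguments, check a real installation:
#   bash check_patch.sh /path/to/magento SUPEE-6285
if [ "$#" -ge 2 ]; then
    patch_state "$1" "$2"
fi
```

A result of "reverted" or "missing" means the store is not protected by the patch and it should be applied again.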
More information
You can find more information in the official notice: http://merch.docs.magento.com/ce/user_guide/Magento_Community_Edition_User_Guide.html#magento/patch-releases-2015.html