I've got two Magento stores and read that there is an important security problem that has been revealed.
I have downloaded the patch files, but cannot seem to understand how to patch the files properly. One store has hosting with SSH access, but the other doesn't.
How can I patch the files properly on each machine?
Source: http://www.magentocommerce.com/blog/comments/important-security-update-zend-platform-vulnerability/
There are a couple of ways you can go about fixing your issue.
Here is an example of how to apply the patch file via SSH for a 1.4 store:
cd /home/mystore/public_html
wget -O zendxml_fix.patch http://www.magentocommerce.com/downloads/assets/1.7.0.2/CE_1.4.0.0-1.4.1.1.patch
patch -p0 < zendxml_fix.patch
Here are the URLs for each patch,
We have downloaded all the installations and pre-patched the files for people that don't have access to command line or the patch application. The contents of the files are far too big to post on here, but you can download them direct from our site:
Community Edition 1.4.0.0 through 1.4.1.1
Community Edition 1.4.2.0
Community Edition 1.5.0.0 through 1.7.0.1
We've posted an explanation about the issue and a solution on our own website, http://www.sonassi.com/knowledge-base/magento-kb/important-magento-security-update-zend-platform-vulnerability/
FYI, WebGuys has provided an interface for checking if your Magento store is vulnerable or not:
http://webguys.de/magento-exploit-test/
In order to apply the patch file you can use either of two approaches:
1> Using SSH with the following command:
patch -p0 < CE_1.5.0.0-1.7.0.1.patch
(Make sure you have uploaded the patch file to the www-root of the Magento installation and run the SSH command from there.)
2> Manually going through the files lib/Zend/XmlRpc/Response.php & lib/Zend/XmlRpc/Request.php and adding/removing lines as mentioned in the .patch file.
Hope this helps.
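For the store without SSH, where the files are edited by hand or replaced with pre-patched copies, the result can be checked against the .patch file on a local copy before uploading. The following is an added example, not part of the original answers or of Magento's tooling; `parse_patch`, `contains` and `patch_status` are hypothetical helper names, and `SAMPLE_PATCH` is constructed content standing in for the real patch file.

```python
import re
from pathlib import Path

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

# Constructed sample in the same unified-diff layout; NOT the real Magento patch.
SAMPLE_PATCH = """\
--- lib/Zend/XmlRpc/Request.php
+++ lib/Zend/XmlRpc/Request.php
@@ -1,4 +1,5 @@
 <?php
 // constructed placeholder, not the real Zend code
+$hardened = true;
 $xml = load($request);
 return $xml;
"""

def parse_patch(text):
    """Return {path: [(old_lines, new_lines), ...]} with one tuple per hunk."""
    files, hunks, old_left, new_left = {}, None, 0, 0
    for line in text.splitlines():
        if old_left > 0 or new_left > 0:          # inside a hunk body
            tag, body = line[:1], line[1:].rstrip()
            if tag in (" ", "-", ""):             # context or removed line
                hunks[-1][0].append(body); old_left -= 1
            if tag in (" ", "+", ""):             # context or added line
                hunks[-1][1].append(body); new_left -= 1
        elif line.startswith("+++ "):             # target path, as used by -p0
            hunks = files.setdefault(line[4:].split("\t")[0].strip(), [])
        elif hunks is not None and (m := HUNK.match(line)):
            old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
            hunks.append(([], []))
    return files

def contains(lines, block):
    """True if block occurs as a contiguous run inside lines."""
    n = len(block)
    return any(lines[i:i + n] == block for i in range(len(lines) - n + 1))

def patch_status(root, patch_text):
    """Map each file in the patch to patched / unpatched / missing / unknown."""
    result = {}
    for rel, hunks in parse_patch(patch_text).items():
        path = Path(root) / rel
        if not path.is_file():
            result[rel] = "missing"
            continue
        lines = [l.rstrip() for l in path.read_text(errors="replace").splitlines()]
        new_ok = all(contains(lines, new) for _, new in hunks)
        old_ok = all(contains(lines, old) for old, _ in hunks)
        result[rel] = ("patched" if new_ok and not old_ok else
                       "unpatched" if old_ok and not new_ok else "unknown")
    return result
```

Call `patch_status("/path/to/local/magento/copy", open("CE_1.5.0.0-1.7.0.1.patch").read())` with the patch file for your version; any file reported as `unknown` matches neither the old nor the new text and should be compared by hand.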