Magento security update and Patch

Number: AV16-014
Date: 22 January 2016

Purpose

The purpose of this advisory is to bring attention to a new release of Magento Community Edition and Enterprise Edition that includes multiple security patches.

Assessment

Magento has released a patch and an update to address multiple vulnerabilities in several of its digital commerce software packages.

A security update is available for Magento Community Edition (CE), Magento Enterprise Edition (EE), Magento 2 Community Edition (CE) and Magento 2 Enterprise Edition (EE).  A security patch is available for affected Magento CE and Magento EE for customers who do not wish to migrate to Magento 2.

Affected Versions:
Magento Community Edition version 1.9.2.3 and prior versions
Magento Enterprise Edition version 1.14.2.3 and prior versions
Magento 2 Community Edition version 2.0.1 and prior versions
Magento 2 Enterprise Edition version 2.0.1 and prior versions

Suggested action

CCIRC recommends that owners/operators test and deploy the vendor-released update or workaround to affected platforms accordingly.

References

Security Update: https://magento.com/security/patches/magento-201-security-update
Security Patch: https://magento.com/security/patches/supee-7405
