Number: AV16-014
Date: 22 January 2016
Purpose
The purpose of this advisory is to bring attention to a new release of Magento Community Edition and Enterprise Edition that includes multiple security patches.
Assessment
Magento has released a patch and an update to address multiple vulnerabilities in several of its digital commerce software packages.
A security update is available for Magento Community Edition (CE), Magento Enterprise Edition (EE), Magento 2 Community Edition (CE) and Magento 2 Enterprise Edition (EE). A security patch is available for affected Magento CE and Magento EE for customers who do not wish to migrate to Magento 2.
Affected Versions:
Magento Community Edition version 1.9.2.3 and prior versions
Magento Enterprise Edition version 1.14.2.3 and prior versions
Magento 2 Community Edition version 2.0.1 and prior versions
Magento 2 Enterprise Edition version 2.0.1 and prior versions
Suggested action
CCIRC recommends that owners/operators test and deploy the vendor-released update or workaround to affected platforms accordingly.
References
Security Update: https://magento.com/security/patches/magento-201-security-update
Security Patch: https://magento.com/security/patches/supee-7405