The Commerce Shop Blog

February 23, 2017

Magento Zend Framework Vulnerability Fixed With SUPEE-9652 Patch

The Zend Framework 1 and 2 email component, which is used in Magento 1 and Magento 2, has a newly discovered vulnerability that can compromise the security of your Magento eCommerce store. The vulnerability can pave the way for remote code execution attacks if Sendmail is used as the mail transport agent.

Follow the steps below to find out whether your store is exposed to this attack:

  • Enter system settings
  • For Magento 1: System > Configuration > Advanced > System > Mail Sending Settings > Set Return-Path
  • For Magento 2: Stores > Configuration > Advanced > System > Mail Sending Settings > Set Return-Path
  • If Set Return-Path is set to ‘Yes’ and your server uses Sendmail, your eCommerce store is open to this particular attack.
  • Note: If you are an Enterprise Cloud customer, Magento would have already fixed the issue for you.
  • It’s highly advisable to set the Set Return-Path value to ‘No’ until you install the released patch, to keep your eCommerce store safe from attackers.
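The same check can be run against the database instead of the admin screen. The script below is an added example, not part of the original post or of Magento: it reads rows exported from the `core_config_data` table and reports every scope where Set Return-Path is not ‘No’. The config path `system/smtp/set_return_path` and the stored values 0/1/2 are not given on this page, the sample rows are constructed, and treating a missing value as ‘No’ is an assumption.

```python
"""Added example: flag Magento config rows where Set Return-Path is not 'No'."""

# Export the rows to check with, for example:
#   SELECT scope, scope_id, path, value FROM core_config_data;
# (prepend your table prefix if the installation uses one).

CONFIG_PATH = "system/smtp/set_return_path"
LABELS = {"0": "No", "1": "Yes", "2": "Specified"}
ASSUMED_DEFAULT = "0"  # assumption: a NULL value means the default, "No"

# Constructed sample rows in (scope, scope_id, path, value) order.
SAMPLE_ROWS = [
    ("default", 0, "system/smtp/set_return_path", "0"),
    ("websites", 2, "system/smtp/set_return_path", "2"),
    ("stores", 3, "system/smtp/set_return_path", "1"),
    ("default", 0, "web/secure/use_in_frontend", "1"),
]


def audit_return_path(rows):
    """Return sorted (scope, scope_id, label) for each scope not set to 'No'."""
    findings = []
    for scope, scope_id, path, value in rows:
        if path != CONFIG_PATH:
            continue  # unrelated configuration key
        value = ASSUMED_DEFAULT if value is None else str(value).strip()
        if value != "0":
            # Anything other than "No" needs review, including unexpected values.
            label = LABELS.get(value, "unrecognised value %r" % value)
            findings.append((scope, int(scope_id), label))
    return sorted(findings)


if __name__ == "__main__":
    hits = audit_return_path(SAMPLE_ROWS)
    for scope, scope_id, label in hits:
        print("REVIEW %s/%d: Set Return-Path = %s" % (scope, scope_id, label))
    if not hits:
        print("Set Return-Path is 'No' in every scope found")
```

Any scope the script reports should be set to ‘No’ until the patch is installed.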

Magento Releases The Fix For All Versions:

Magento has addressed the vulnerability with the release of the patch SUPEE-9652 and with upgrade paths for the various Magento editions.

Learn how to fix the threat if you are a:

  1. Enterprise Edition Merchant
  2. Community Edition Merchant
  3. Magento Partners

Enterprise Edition Merchant:

If you are an Enterprise Edition merchant, you have two options to fix the vulnerability threat.

Option 1: Installing Patch SUPEE-9652

  1. Go to your account and then enter the Downloads Tab
  2. Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Support and Security Patches > Security Patches > Security Patches – February 2017
  3. Find the patch with label SUPEE-9652 and update your Magento Enterprise store.

Option 2: Upgrading Magento Edition To Enterprise Edition 1.14.3.2

  1. Go to your account and then enter the Downloads Tab
  2. Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Version 1.x Releases > Version 1.14.3.2
  3. Update your Magento Enterprise Edition

Community Edition Merchants:

If you are a Community Edition merchant, you have two options to fix the vulnerability threat.

Option 1: Installing The SUPEE-9652 Patch

  1. Go to the Community Edition Download Page
  2. Release Archive Tab > Magento Community Edition Patches – 1.x Section
  3. Find the Patch with label SUPEE-9652

Option 2: Upgrading To Magento Community Edition 1.9.3.2

  1. Go to the Community Edition Download Page
  2. Under the release archive tab, download the Community Edition Version 1.9.3.2

Magento Partners

If you are a Magento partner, you have two options to fix the security threat.

Option 1: Upgrading To Enterprise Edition 1.14.3.2:

  1. Login to your partner portal
  2. Then, Magento Enterprise Edition > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Version 1.x Releases
  3. Under the release tab, upgrade to the version 1.14.3.2

Option 2: Installing the patch SUPEE-9652

  1. Login to your partner portal
  2. Magento Enterprise Edition > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Support and Security Patches > Security Patches > Security Patches – February 2017
  3. Find the Patch with label SUPEE-9652

It’s advisable to fix the security threat as soon as possible by applying the suggested patch to ensure your eCommerce website is secured and no intruder can gain access to your system.
