Magento Security Announcement Reminder: SUPEE-9652

Magento has released a new patch, SUPEE-9652, which includes fixes for critical vulnerabilities. Stores left un-patched are placed at significant risk, and we recommend that all Magento store owners apply the patch as soon as possible.

As always, install the patch in a development environment and test before applying it to your live site.

If you need any assistance with security patch updates, please send an email to: magento@eboundhost.com or contact your Account Manager at eBoundHost.

For your convenience we have quoted some of the announcement from Magento below. Read the rest on the Magento site.

ANNOUNCEMENT FROM MAGENTO:

SUPEE-9652, Enterprise Edition 1.14.3.2 and Community Edition 1.9.3.2 address the Zend library vulnerability described below.

Information on all the changes in 1.14.3.2 and 1.9.3.2 releases is available in the ENTERPRISE EDITION and COMMUNITY EDITION RELEASE NOTES.

Patches and upgrades are available for the following Magento versions:

Enterprise Edition 1.9.0.0-1.14.3.1: SUPEE-9652 or upgrade to Enterprise Edition 1.14.3.2
Community Edition 1.5.0.1-1.9.3.1: SUPEE-9652 or upgrade to Community Edition 1.9.3.2

To download a patch or release, choose from the following options:

Partners:

Enterprise Edition 1.14.3.2	PARTNER PORTAL > Magento Enterprise Edition > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Version 1.x Releases > Version 1.14.3.2
SUPEE-9652	PARTNER PORTAL > Magento Enterprise Edition > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Support and Security Patches > Security Patches > Security Patches – February 2017

Enterprise Edition Merchants:

Enterprise Edition 1.14.3.2	MY ACCOUNT > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Version 1.x Releases > Version 1.14.3.2
SUPEE-9652	MY ACCOUNT > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x > Support and Security Patches > Security Patches > Security Patches – Februrary 2017

Community Edition Merchants:

Community Edition 1.9.3.2	COMMUNITY EDITION DOWNLOAD PAGE > Release Archive Tab
SUPEE-9652	COMMUNITY EDITION DOWNLOAD PAGE > Release Archive Tab > Magento Community Edition Patches – 1.x Section

APPSEC-1746 – Remote Code Execution using mail vulnerability
Type:	Remote code execution (RCE)
CVSSv3 Severity:	9.8 (Critical)
Known Attacks:	None
Description:	Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well. Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the vulnerability the installation has to: – use sendmail as the mail transport agent – have specific, non-default configuration settings as described HERE.
Product(s) Affected:	Magento Community Edition prior to 1.9.3.2, and Magento Enterprise Edition prior to 1.14.3.2, Magento 2.1 versions prior to 2.1.4 and Magento 2.0 versions prior to 2.0.12
Fixed In:	Community Edition 1.9.3.2, Enterprise Edition 1.14.3.2, SUPEE-9652, Magento 2.1.4, Magento 2.0.12
Reporter:	natmchugh

Please refer to SECURITY BEST PRACTICES for additional information on how to secure your site.

Be sure to implement and test the patch in a development environment first to confirm that it works as expected before deploying it to a production site.

Tom P February 8, 2017

Read This Next:

Magento Releases SUPEE-10975 Patch, Magento Commerce 1.14.4, Open Source 1.9.4, and 2.3.0

Magento PHP 7.2 Patch Release

New Magento Releases and Security Patch Update

Magento 2.2.5 and 2.1.14 Security Update

There is not a place on this Planet that you can get better service, support or hosting!

Pat

I have worked with many hosting companies over the course of my years in the website building and design business. I can say with certainty that eBoundHost.com is among the elite companies. I would and have recommended them to anyone.

Jim Nickerson

eBoundHost.com has the best customer service in ANY industry. Their support staff answers phone calls and emails immediately and they have time and time again gone over and above their responsibilities to make sure I am taken care of and that my clients are happy. I have many websites hosted here from small business to corporate level and have dealt with many hosting companies in the industry and eBoundHost.com is by far the BEST hosting provider there is. Great prices, great service, great hosting packages, and a killer reseller program! THANK YOU AGAIN :)

Shannon

eBoundHost.com has been a dream to work with. My questions are answered in minutes, the price is very reasonable, the interface is great, I am very happy with how smooth everything works.

Paul

Excellent response to questions and issues. Fabulous uptimes. Personable tech support.

Lisa Cowan

GREAT customer service and tech support, with professional, yet personable service.

J. Bitner

I waited to write a review until I had absolutely everything working, thinking that something would come up that eboundhost couldn't solve almost immediately. I've never been so happy to be wrong - their customer support is just incredible.

Shannon I

eBoundHost is the best. I have dealt with many hosting providers over the last 10 years. eBoundHost surpasses them all. Absolutely the highest level of quality service anywhere. Do yourself a big favor and sign on with eBoundHost.

Dave "Infodave" Beightol

Reliability and customer service that is rare and refreshing. We have been using eBoundHost for several years and unlike many companies who's service wanes over the years, the staff at eBound has consistently delivered top notch performance. Bravo!

Don Bailey

Cost, technical support and promptness of return calls are of paramount importance to me since most of my work is done on the road and waiting for a reply is frustrating. eBoundHost has been a pleasure to work with friendly, courteous and professional.

Steve Berry

EXCELLENT across the board, super quick reply to questions (about 15-30min). Outstanding! Loads of features, excellent price! Loads of space and bandwidth!

Beau B.

eBoundHost provides the very best service I've experienced in hosting. It takes less than 24h to get an answer to any question. They're great.

Fabien Papleux

Over the years, I've dealt with many companies. None come close to equaling the service and price offered by eBoundHost.

Jerry Stark

SUPER SUPPORT - even during "off hours" - Sundays & holidays. Responses have always been within minutes of the initial call or email. The BEST vendor I have ever used in my 10 plus years as a webhosting services consumer.

EG Pursley

eBoundHost is really the best hosting service in today's marketplace. Fast and efficient customer service with excellent IT knowledge. Good price and many bundled extra options. Highly recommended!

Goran Paunovic
Artversion Creative Agency

Every time I have contacted my host provider. They have responded with speed, courtesy and accuracy they are professional and a joy to work with.

P. LaGambina

I was just looking over our emails and adding up how much time you guys have taken to get me squared away with my new eboundhost account. I can't tell you what a relief it is to have fast, dependable hosting and the kind of immediate support I've gotten from you, after having struggled with a sub-standard host for years. eboundhost has, in the short time I've been with you, already saved me hundreds of dollars of billable time. My thanks.

Bart W

Every time I call with a problem or question, Everyone, especially Denis has always stepped up to the occasion. As usual he solved yet another problem I had. You have a superlative customer service. It doesn't get any better. Keep it up guys.

Jason M

I came to eBoundHost after a very bad experience with a so called "big boy" - you know one of those places you are only a number. I have been a satisfied customer for more than 4 years now. The support is second to none.

Gary Hutchison

Fast, reliable, full of features... Over the years, I have used more than a dozen hosts, both the big ones and smaller ones; eBoundHost.com is by far my favorite.

Dries J