Magento SUPEE-10570 Security Patch Notice

By Astral Web, 9 months ago

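SUPEE-10570, Magento Enterprise Edition 1.14.3.8 and Community Edition 1.9.3.8 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS) and similar issues, and resolve other problems. This release also includes fixes for a number of minor functional issues; see the information below for details.

For information about all changes in the 1.14.3.8 and 1.9.3.8 releases, see the Magento Enterprise Edition and Magento Community Edition release notes.

Patches and upgrades are available for the following Magento versions:

Magento Enterprise Edition 1.9.0.0-1.14.3.7: SUPEE-10570, or upgrade to Magento Enterprise Edition 1.14.3.8.

Magento Community Edition 1.5.0.0-1.9.3.7: SUPEE-10570, or upgrade to Magento Community Edition 1.9.3.8.

To download the patch or release, choose from the following options: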

Partners:

Magento Commerce 1.14.3.8: Partner Portal > Magento Commerce > Magento Commerce 1.X > Magento Commerce 1.x > Version 1.x Releases > Version 1.14.3.8
SUPEE-10570: Partner Portal > Magento Commerce > Magento Commerce 1.X > Magento Commerce 1.x > Support and Security Patches > Security Patches > Security Patches – February 2018

Magento Community Edition:

Magento Commerce 1.14.3.8: My Account > Downloads Tab > Magento Commerce 1.X > Magento Commerce 1.x > Version 1.x Releases > Version 1.14.3.8
SUPEE-10570: My Account > Downloads Tab > Magento Commerce 1.X > Magento Commerce 1.x > Support and Security Patches > Security Patches > Security Patches – February 2018

Magento Open Source:

Magento Open Source 1.9.3.8: Magento Open Source Download Page > Release Archive Tab
SUPEE-10570: Magento Open Source Download Page > Release Archive Tab > Magento Open Source Patches – 1.x Section

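If the patch fails while patching lib/Zend/Mail/Transport/Sendmail.php, this may mean that your Magento installation was previously patched with SUPEE-9652v1 rather than SUPEE-9652v2.

In that case, we recommend that you first revert SUPEE-9652v1 and apply SUPEE-9652v2, and then proceed with the SUPEE-10570 patch.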
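
A pre-flight check for the situation described above, as an added example that is not part of the original notice or Magento's own tooling: it reads a Magento 1 patch log (the patch scripts append to `app/etc/applied.patches.list`) and reports whether SUPEE-9652 v1 is still applied. The function names, the log layout noted in the comments and the sample entries are assumptions constructed for illustration.

```shell
# Added example. Assumption: each apply/revert is logged as one line,
#   <date> | SUPEE-id | edition | vN | ... [| REVERTED]
# followed by patch(1) output lines that contain no "|".

# patch_state FILE ID: print the versions of ID currently applied, replaying
# apply and revert entries in file order.
patch_state() {
    awk -F'|' -v id="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        trim($2) == id {
            ver = trim($4)
            if (!(ver in seen)) { seen[ver] = 1; order[++n] = ver }
            applied[ver] = ($0 ~ /REVERTED/) ? 0 : 1
        }
        END { for (i = 1; i <= n; i++) if (applied[order[i]]) print order[i] }
    ' "$1"
}

# check_9652 FILE: return 1 when SUPEE-9652 v1 is still in place, the state the
# page says makes SUPEE-10570 fail on lib/Zend/Mail/Transport/Sendmail.php.
check_9652() {
    case "$(patch_state "$1" SUPEE-9652 | tr '\n' ' ')" in
        *v1*) echo "SUPEE-9652 v1 applied: revert it, apply v2, then SUPEE-10570"; return 1 ;;
        "v2 ") echo "SUPEE-9652 v2 applied: proceed with SUPEE-10570" ;;
        *)     echo "no applied SUPEE-9652 entry recorded" ;;
    esac
}

# Constructed sample logs (placeholder editions and hashes), not real output.
sample_before() {
    cat <<'EOF'
2017-02-10 08:00:00 UTC | SUPEE-9652 | CE_x.y.z | v1 | HASH | DATE | RANGE
patching file lib/Zend/Mail/Transport/Sendmail.php
EOF
}
sample_after() {
    sample_before
    cat <<'EOF'
2018-03-01 09:00:00 UTC | SUPEE-9652 | CE_x.y.z | v1 | HASH | DATE | RANGE | REVERTED
patching file lib/Zend/Mail/Transport/Sendmail.php
2018-03-01 09:05:00 UTC | SUPEE-9652 | CE_x.y.z | v2 | HASH | DATE | RANGE
patching file lib/Zend/Mail/Transport/Sendmail.php
EOF
}

log=$(mktemp)
sample_before > "$log"; check_9652 "$log" || true
sample_after  > "$log"; check_9652 "$log"
rm -f "$log"
```

On a real installation, pass the path of the store's own patch log to `check_9652` before running the SUPEE-10570 script.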

 

This update includes:

  1. APPSEC-1932: Remote Code Execution Using XML Injection
  2. APPSEC-1938: Remote Code Execution – additional fix not included in SUPEE-9652
  3. APPSEC-1964: Remote Code Execution by (semi-)arbitrary file deletion for admin users with access to Import.
  4. APPSEC-2000: Remote Code Execution in Staging Environment
  5. APPSEC-1944: Cross-Site Request Forgery in Store Backups
  6. APPSEC-1878/1890: Cross-site Scripting in CMS hierarchy
  7. APPSEC-1908/1948: Cross-site Scripting in Custom Variables
  8. APPSEC-1916: Cross-site Scripting in Attribute Group Name
  9. APPSEC-1928: Cross-site Scripting in Downloadable Products
  10. APPSEC-1945: Cross-site Scripting in Product SKU
  11. APPSEC-1973: Cross-site Scripting in Newsletter Template
  12. APPSEC-1873/1979/1980: Cross-site Scripting in Site Settings
  13. APPSEC-1995: Cross-site Scripting in Downloadable Products
  14. APPSEC-1889: Cross-Site Request Forgery Protection Bypass
  15. APPSEC-1553: Access to Gift Registries of Other Users
  16. APPSEC-1026: Session Management
  17. APPSEC-1937: Insufficient privilege separation
  18. APPSEC-1967: Password Change Session Management
  19. APPSEC-1972: Password Reset Session Management

 

For more information, see the official Magento notice:

https://magento.com/security/patches/supee-10570

 

The above content was written and produced by Astral Web (歐斯瑞).
