Today all Magento users are getting an alert in the backend. It advises applying 2 security patches that fix new vulnerabilities in Magento. Apply them as soon as possible, before the hacker community hears about this; my recommendation is not to gamble with the security of your business.
The required patches are SUPEE-1533 and SUPEE-5344:
https://www.magentocommerce.com/products/downloads/magento
Each patch first checks whether your server has the required software. If you don't have the 'patch' utility, you need to install it on your server:
yum install patch
in the case of CentOS.
Just upload the patches to the root of the installation and run:
bash PATCH_SUPEE-1533_EE_1.12.x_v1-2015-02-10-08-19-16.sh; bash PATCH_SUPEE-5345_CE_1.7.0.2_v1-2015-02-10-08-11-22.sh;
(Example for Magento 1.7.2 version.)
We applied these security patches to several installations: our main Magento store and some clients' sites. Note that every version of Magento has a different patch version, so be careful not to download the wrong files by mistake.
In our case we applied every patch and made a git commit, so we can roll back in case of issues.
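The following script is an added example, not part of the original post or of the Magento patch files: one way to script the apply-then-commit routine described above. It goes slightly further than the post by committing after each patch and restoring tracked files if a patch script fails. It assumes the Magento root is already a git repository; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: apply Magento patch scripts one by one, committing after each.
# Assumption: run from the Magento root, which is already a git repository.

# Return 0 only if every named tool is on PATH (the patch scripts need 'patch').
require_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; return 1; }
    done
}

# Return 0 only if no tracked file has uncommitted changes, so that a rollback
# restores exactly the pre-patch state. Untracked files (the uploaded patch
# scripts themselves) are ignored on purpose.
tree_is_clean() {
    [ -z "$(git status --porcelain --untracked-files=no)" ]
}

# Apply one patch script and commit the result; on failure restore tracked files.
apply_and_commit() {
    script=$1
    [ -f "$script" ] || { echo "not found: $script" >&2; return 1; }
    tree_is_clean || { echo "uncommitted changes; commit them first" >&2; return 1; }
    if bash "$script"; then
        # -A also records files the patch created and the patch script itself.
        git add -A && git commit -q -m "Apply $(basename "$script")"
    else
        echo "patch failed, restoring tracked files: $script" >&2
        git reset -q --hard HEAD
        return 1
    fi
}

# Stop at the first failing patch so later patches never run on a broken tree.
main() {
    require_tools patch git bash || return 1
    for p in "$@"; do
        apply_and_commit "$p" || return 1
    done
}

# Usage: sh apply_patches.sh PATCH_one.sh PATCH_two.sh
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Each patch ends up as its own commit, so a single patch can be undone with git revert.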
Enjoy healthy security.
I am not responsible for loss of data by using the comments of this blog. Make a backup of your system before you try any instructions in this post.