How to apply Magento patch SUPEE-5344


Tags: abuse, Magento, Security

Last February we informed Magento users about an important new patch that addresses a Magento vulnerability. As Magento stated: “This issue allows an attacker to remotely execute code on Magento software using a specially drafted request”. This Magento bug affects all versions of Magento Enterprise Edition and versions of Magento Community Edition.
This article explains which patch you need to apply to secure your webshop. Magento Enterprise Edition users can download the patch from the Magento Support Portal on Magentocommerce.com.

Four steps to apply the patch and increase your Magento security

You need SSH (shell) access to download and apply the patch. You need only three commands, CD, WGET and BASH, to navigate, download and apply the patch.
Patches per version can be found in this article under “Patches per version”.

Step 1: Log on to SSH (shell)

Log on to the shell server. If you don’t know how to log on, contact your hosting provider or technical contact. Byte customers can follow the steps in the article Inloggen op SSH (shell) (written in Dutch).

Step 2: Download the patch

To download the correct patch for your webshop you need to know what version of Magento you’re using.

To download the patch you use two commands: CD and WGET. CD navigates to the root folder of your Magento installation, WGET downloads the patch. Below you can find examples per version.
NOTE: The folder names below are based on the Byte hosting platform, so replace YOURDOMAIN.COM with the installation folder of your Magento installation, e.g. “/var/www/html”, “public_html”, or “public”. If you don’t know the name of the folder your Magento has been installed in, contact your hosting provider.
Versions 1.4.0.x to 1.5.0.x:

cd YOURDOMAIN.COM
wget http://tools.byte.nl/magpatch/v1.4.0/patch-shoplift.sh

Version 1.5.1.x:

cd YOURDOMAIN.COM
wget http://tools.byte.nl/magpatch/v1.5.1/patch-shoplift.sh

Version 1.6.0.x:

cd YOURDOMAIN.COM
wget http://tools.byte.nl/magpatch/v1.6.0/patch-shoplift.sh

Versions 1.6.1.x to 1.6.2.x:

cd YOURDOMAIN.COM
wget http://tools.byte.nl/magpatch/v1.6.1/patch-shoplift.sh

Version 1.7.x.x:

cd YOURDOMAIN.COM
wget http://tools.byte.nl/magpatch/v1.7.0/patch-shoplift.sh

Versions 1.8.x to 1.9.x:

cd YOURDOMAIN.COM
wget http://tools.byte.nl/magpatch/v1.8.0/patch-shoplift.sh
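
Picking the wrong row above is what produces the “Hunk failed” error covered in the FAQ. The script below is an added example, not code from Byte or Magento: it reads the version from the installation itself and prints the matching URL from the list above. It assumes the stock Magento 1.x app/Mage.php with its getVersionInfo() array; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: choose the Step 2 patch URL from the version the shop reports.

# Print major.minor.revision.patch read from app/Mage.php under Magento root $1.
# Assumption: the file uses the stock getVersionInfo() array layout of Magento 1.x.
magento_version() {
    mage="$1/app/Mage.php"
    [ -r "$mage" ] || return 1
    ver=""
    for key in major minor revision patch; do
        n=$(sed -n "s/^[[:space:]]*'$key'[[:space:]]*=>[[:space:]]*'\([0-9][0-9]*\)'.*/\1/p" "$mage" | head -n 1)
        [ -n "$n" ] || return 1          # key missing: not a layout we understand
        ver="${ver:+$ver.}$n"
    done
    printf '%s\n' "$ver"
}

# Map a version string to the mirror directory listed in Step 2.
# Returns 1 for malformed input and for versions the article does not list.
patch_dir_for_version() {
    case "$1" in
        ""|*[!0-9.]*)    return 1 ;;
        1.4.*|1.5.0.*)   echo v1.4.0 ;;
        1.5.1.*)         echo v1.5.1 ;;
        1.6.0.*)         echo v1.6.0 ;;
        1.6.1.*|1.6.2.*) echo v1.6.1 ;;
        1.7.*)           echo v1.7.0 ;;
        1.8.*|1.9.*)     echo v1.8.0 ;;
        *)               return 1 ;;
    esac
}

# Print the download URL for the Magento root in $1 (default: current folder).
patch_url() {
    v=$(magento_version "${1:-.}") || { echo "cannot read Magento version" >&2; return 1; }
    d=$(patch_dir_for_version "$v") || { echo "no patch listed for $v" >&2; return 1; }
    printf 'http://tools.byte.nl/magpatch/%s/patch-shoplift.sh\n' "$d"
}

# Usage, from the folder above the Magento root:
#   . ./pick-patch.sh && wget "$(patch_url YOURDOMAIN.COM)"
```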

Step 3: Apply the patch

The command BASH will apply the patch you just downloaded:

bash patch-shoplift.sh

Step 4: Clear your cache

It’s important to flush the Magento cache after applying the patch. Flushing your caches can be done in the back-end of your Magento shop under Cache management. More info about flushing your cache in the back-end of Magento can be found in the Magentocommerce Knowledgebase. Don’t forget to flush your OPcode or APC cache as well!

Step 5: Check your shop

Don’t forget to check your shop for vulnerabilities after patching and flushing your caches. Magento’s Security Patch Page provides a list of signs to look out for to determine whether your site is compromised or not.

Patches per version

Magentocommerce offers all the available patches on their download page. This page can have difficulties loading because of traffic, so we’ve mirrored the patches on our platform.

Need help?

If you have problems downloading and applying the patch for this Magento vulnerability, please contact your hosting provider or web developer.

FAQ

I keep getting a Hunk failed error. What should I do?

When you get the Hunk failed error it means you downloaded the patch for the wrong version. Please check what version of Magento you’re running and download the correct patch. If you still receive this error, please check the Magento forum for more information on these patches or discuss your problem on one of their boards.

How long will downloading and applying the patch take?

Downloading and applying the patch doesn’t take much time. We do however recommend that you check your shop thoroughly after applying the patch, which can take up quite some time.

I’ve patched my shop, but I keep getting a notification in the back-end of Magento

Magento doesn’t check whether you’ve applied the patch or not, so that notification will always be visible, patched or not. If you already applied the patch, you can ignore the notification or indicate you’ve read the message.

