The Zend Framework vulnerability potentially allows an attacker to read any file on a web server where the Zend XMLRPC functionality is enabled. An attacker could therefore potentially read the configuration file of your Magento installation.
It is very important to apply security patches that were released by Magento yesterday.
Magento Community Edition
You are secure if you use Magento Community 1.3.x or Magento Community 188.8.131.52.
If you use Magento Community 1.4.x, 1.5.x, 1.6.x or 1.7.x, it is important to apply the security fix from Magento as soon as possible.
Security patches are available for download:
Community Edition 184.108.40.206 - 220.127.116.11
Community Edition 18.104.22.168
Community Edition 22.214.171.124 - 126.96.36.199
Magento Enterprise Edition and Magento Professional Edition
You are secure if you use Magento Enterprise 188.8.131.52.
Download and apply the security patch for Magento Enterprise / Professional from the Download area in your Magento account.
Important: Don't forget to clear the Magento cache, the Magento compiler cache, APC/Memcache and any other cache mechanisms you use after applying the patch.
Yes, you can apply the patch manually using FTP.
Have a look at the patch structure, e.g. here:
You will see that some lines have - symbols and some + symbols.
Lines with - symbols should be removed and lines with + symbols should be added to the file.
In fact it is a simple Unix DIFF patch; more information is available here: http://en.wikipedia.org/wiki/Diff
Any idea how to apply it for 1.5 or further without SSL command?
Maybe by ftp?
patch -p1 < CE_184.108.40.206-220.127.116.11.patch
which didn't work but the following worked:
patch -p0 < CE_18.104.22.168-22.214.171.124.patch
(Make sure you uploaded the patch file to the www-root of the Magento installation and run the ssh command from the www-root path)
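
The -p1 versus -p0 difference in the comment above can be settled before any file is modified. The following is an added example, not part of the original post or its comments: it dry-runs a patch at several strip levels and applies it only where it fits cleanly. It assumes GNU patch; the function names and the sample tree and patch are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Sample tree and patch are constructed.

# Print the lowest strip level (0-3) at which the patch would apply cleanly
# under directory $1, without touching any file; return 1 if none does.
# $2 must be an absolute path, because -d changes directory before -i is read.
find_strip_level() {
    for level in 0 1 2 3; do
        if patch --dry-run -f -s -d "$1" -p"$level" -i "$2" >/dev/null 2>&1; then
            echo "$level"
            return 0
        fi
    done
    return 1
}

# Apply the patch only if a dry run succeeded; otherwise change nothing.
apply_checked() {
    level=$(find_strip_level "$1" "$2") || {
        echo "patch does not apply cleanly at -p0..-p3; nothing changed" >&2
        return 1
    }
    patch -f -s -d "$1" -p"$level" -i "$2" && echo "applied with -p$level"
}

# Build a constructed stand-in for a web root plus a patch whose paths are
# relative to that root (so -p0 is the level that fits); print the root.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lib/Example"
    printf '%s\n' one two three 'old line' five six seven \
        > "$root/lib/Example/Request.php"
    cat > "$root/sample.patch" <<'EOF'
--- lib/Example/Request.php
+++ lib/Example/Request.php
@@ -1,7 +1,7 @@
 one
 two
 three
-old line
+new line
 five
 six
 seven
EOF
    echo "$root"
}
```

A second run of `apply_checked` on an already patched tree fails the dry run and leaves the files as they are, which is also a quick way to confirm the patch is in place.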