The Zend Framework vulnerability potentially allows an attacker to read any file on a web server where the Zend XMLRPC functionality is enabled. This means an attacker could potentially read the configuration file of your Magento installation.
It is very important to apply the security patches that Magento released yesterday.
Magento Community Edition
You are secure if you use Magento Community 1.3.x or Magento Community 1.7.0.2.
If you use Magento Community 1.4.x, 1.5.x, 1.6.x or 1.7.x, it is important to apply the security fix from Magento as soon as possible.
Security patches are available for download:
Community Edition 1.4.0.0 - 1.4.1.1
Community Edition 1.4.2.0
Community Edition 1.5.0.0 - 1.7.0.1
Magento Enterprise Edition and Magento Professional Edition
You are secure if you use Magento Enterprise 1.12.0.2.
Download and apply the security patch for Magento Enterprise / Professional from the Download area in your Magento account.
Important: Don't forget to clear the Magento cache, the Magento compiler cache, APC/Memcache and any other cache mechanisms you use after applying the patch.
Yes, you can apply the patch manually using FTP.
Have a look at the patch structure, e.g. here:
http://www.magentocommerce.com/downloads/assets/1.7.0.2/CE_1.5.0.0-1.7.0.1.patch
You will see that some lines have - symbols and some + symbols.
Lines with - symbols should be removed and lines with + symbols should be added to the file.
In fact, it is a simple Unix DIFF patch; more information is available here: http://en.wikipedia.org/wiki/Diff
Any idea how to apply it for 1.5 or further without SSL command?
Maybe by ftp?
Thank you
patch -p1 < CE_1.5.0.0-1.7.0.1.patch
which didn't work but the following worked:
patch -p0 < CE_1.5.0.0-1.7.0.1.patch
(Make sure you upload the patch file to the www-root of the Magento installation and run the ssh command from the www-root path.)
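The `-p0` versus `-p1` difference reported above depends on how many leading path components `patch` must strip from the file names in the patch headers. The following is an added example, not part of the original post or of Magento's tooling: it uses a dry run to find the strip level that fits and to check whether a patch is already in place. It assumes GNU `patch`; the function names `find_strip_level` and `patch_state` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU patch is installed.
# find_strip_level and patch_state are hypothetical helper names.

# Print the first -p level (0, 1 or 2) at which PATCHFILE applies cleanly
# under ROOT. Nothing is written: --dry-run only simulates the run.
# Usage: find_strip_level PATCHFILE ROOT [-R]
find_strip_level() {
    for level in 0 1 2; do
        # -f: never prompt, -s: quiet, -F0: no fuzzy context matching,
        # optional $3 is -R to test the reverse direction.
        if (cd "$2" && patch --dry-run -f -s -F0 -p"$level" $3) \
                < "$1" >/dev/null 2>&1; then
            echo "$level"
            return 0
        fi
    done
    return 1
}

# Report whether the patch still has to be applied, is already in place,
# or does not match the files under ROOT at all.
# Usage: patch_state PATCHFILE ROOT
patch_state() {
    if level=$(find_strip_level "$1" "$2"); then
        echo "pending -p$level"
    elif level=$(find_strip_level "$1" "$2" -R); then
        echo "applied -p$level"
    else
        echo "mismatch"
        return 1
    fi
}
```

Run `patch_state` with the patch file and the Magento root before and after patching; a result of `applied` after a manual FTP edit confirms that every hunk is in place.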