Critical Security Vulnerability Addressed in 7.2.6/8.0.6 Maintenance Releases
We strongly advise all customers to update as soon as possible to the 7.2.6 and 8.0.6 maintenance releases. A critical security vulnerability has recently been identified and is resolved in these maintenance releases.
This issue is being tracked in our Bugzilla system as the following:
Bug # 84547
Summary: Critical Security Vulnerability
Affected Version: 7.2.5 and 8.0.5 and all previous releases
To protect customers as they plan to apply this update, this bug is marked as private in our system and technical details are not publically available. Patch releases will also be provided for the following maintenance releases:
7.2.2, 7.2.3, 7.2.4, 7.2.5, 8.0.3, 8.0.4, 8.0.5
These patches will be available in mid-January so it is strongly advised to update to 7.2.6 and 8.0.6 maintenance releases before then. At that time, more information about the nature of the vulnerability will be made available.
Please note that this is a separate issue from the issue that was reported on December 6th 2013 on exploit-db. This issue affected releases 7.2.2 and 8.0.2 and prior. This issue was resolved in February 2013 in 7.2.2 patch 1 and 8.0.2 patch 1 and all subsequent releases.