User can see orders from other users.

Indeed, that should not be happening.
You can change the line:
$query = 'FROM '.hikashop_table('order').' AS a WHERE '.implode(' AND ',$filters).$order;

to:
$query = 'FROM '.hikashop_table('order').' AS a WHERE ('.implode(') AND (',$filters).') '.$order;

in the file components/com_hikashop/views/order/view.html.php to fix that.

We've also updated the HikaShop install package to correct the problem in HikaShop.

You need to replace :
$filter = implode(" LIKE $searchVal OR ",$searchMap)." LIKE $searchVal";
by:
$filter = '('.implode(" LIKE $searchVal OR ",$searchMap)." LIKE $searchVal".')';

in the file components/com_hikashop/views/affiliate/view.html.php to fix that.