=====================================================================
                                    CERT-Renater

                         Information Note No. 2007/VULN549
_____________________________________________________________________

DATE                      : 28/12/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running TikiWiki.

======================================================================
http://info.tikiwiki.org/tiki-read_article.php?articleId=19
______________________________________________________________________

  Security Fix Tiki 1.9.9 Released

For some days we have been working on fixing security flaws reported by
third-party analysts. As always in such cases, a release is quickly
prepared and the holes filled.

As this upgrade fixes various security holes, you are strongly advised
to upgrade any 1.9.x tiki (or earlier) that you have at hand, and call
your friends to spread the word.

1.9.9 also introduces a new feature to alert admin of available new
releases upstream.
Here is then the version 1.9.9 of Tikiwiki (1.10 version, still pending
for its own release, is fixed in cvs).

Hopefully, this tamtam method will not be necessary anymore in future
releases, because 1.9.9 introduces a new feature which alerts admin
(optionally as always) of available new releases upstream.

Please read the details about this release on
http://tikiwiki.org/ReleaseProcess199

and get the source on
http://sourceforge.net/project/showfiles.php?group_id=64258&package_id=112134&release_id=563456

Thanks for the help of redflo and nkoth, who participated in the release
process, and others who contributed to this version's code.

Thanks also to the analysts who reported the flaws: Jesus Olmos
Gonzalez, from http://isecauditors.com and Mesut Timur,
from http://www.h-labs.org


cheers,
mose

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================




