Additionally, we have taken the opportunity to conduct a security audit of the 1.9 TikiWiki codebase and make some improvements to the security admin panel and file fingerprinting database (secdb).

))TikiWiki(( administrators are reminded to check their PHP errors settings in admin->general (possible path disclosure)

System administrators might find the following general security advice useful in improving the security of their server:

  • consider using an egress firewall on Internet-facing sites, to protect your OS against connect-back backdoor exploits
  • make sure that every partition with a directory that unprivileged users such as apache can write to, is protected with the noexec mount option