Upstream information

CVE-2018-19456 at MITRE

Description

The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libgit2 >= 0.24.1-7.9.1
  • libgit2-24 >= 0.24.1-7.9.1
Patchnames:
SUSE-SLE-SDK-12-SP3-2019-24
SUSE Linux Enterprise Software Development Kit 12 SP4
  • libgit2 >= 0.24.1-7.9.1
  • libgit2-24 >= 0.24.1-7.9.1
Patchnames:
SUSE-SLE-SDK-12-SP4-2019-24
SUSE Manager Server 3.1
  • libgit2 >= 0.24.1-7.9.1
  • libgit2-24 >= 0.24.1-7.9.1
Patchnames:
SUSE-SUSE-Manager-Server-3.1-2019-24
SUSE Manager Server 3.2
  • libgit2 >= 0.24.1-7.9.1
  • libgit2-24 >= 0.24.1-7.9.1
Patchnames:
SUSE-SUSE-Manager-Server-3.2-2019-24
openSUSE Leap 42.3
  • libgit2 >= 0.24.1-10.6.1
  • libgit2-24 >= 0.24.1-10.6.1
  • libgit2-24-32bit >= 0.24.1-10.6.1
  • libgit2-24-debuginfo >= 0.24.1-10.6.1
  • libgit2-24-debuginfo-32bit >= 0.24.1-10.6.1
  • libgit2-debugsource >= 0.24.1-10.6.1
  • libgit2-devel >= 0.24.1-10.6.1
Patchnames:
openSUSE-2019-21