View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2014-4040 severity moderate: SUSE including 24 source package names (powerpc-utils-1.2.16-0.13.1, powerpc-utils-1.2.22-2.1, …), 29 product×package rows across 29 product lines (SUSE Linux Enterprise Micro 5.0, SUSE Linux Enterprise Micro 5.1, … (29 product lines)): Fixed 29.
snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.