corepack16-16.17.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12280 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z corepack16-16.17.0-1.1 on GA media These are all security issues fixed in the corepack16-16.17.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12280 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12280 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-29244/ SUSE CVE CVE-2022-29244 page openSUSE Tumbleweed corepack16-16.17.0-1.1 nodejs16-16.17.0-1.1 nodejs16-devel-16.17.0-1.1 nodejs16-docs-16.17.0-1.1 npm16-16.17.0-1.1 corepack16-16.17.0-1.1 as a component of openSUSE Tumbleweed nodejs16-16.17.0-1.1 as a component of openSUSE Tumbleweed nodejs16-devel-16.17.0-1.1 as a component of openSUSE Tumbleweed nodejs16-docs-16.17.0-1.1 as a component of openSUSE Tumbleweed npm16-16.17.0-1.1 as a component of openSUSE Tumbleweed npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm. CVE-2022-29244 openSUSE Tumbleweed:corepack16-16.17.0-1.1 openSUSE Tumbleweed:nodejs16-16.17.0-1.1 openSUSE Tumbleweed:nodejs16-devel-16.17.0-1.1 openSUSE Tumbleweed:nodejs16-docs-16.17.0-1.1 openSUSE Tumbleweed:npm16-16.17.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-29244.html CVE-2022-29244 https://bugzilla.suse.com/1200517 SUSE Bug 1200517