{"affected":[{"ecosystem_specific":{"binaries":[{"mongodb":"3.4.10-5.1","mongodb-mongoperf":"3.4.10-5.1","mongodb-mongos":"3.4.10-5.1","mongodb-server":"3.4.10-5.1","mongodb-shell":"3.4.10-5.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP2","name":"mongodb","purl":"pkg:rpm/suse/mongodb&distro=SUSE%20Package%20Hub%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.10-5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for mongodb 3.4.10 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2017-15535: MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. (boo#1065956)\n\nBug fixes:\n- See release-notes for 3.4.4 - 3.4.10 changes.\n  * https://docs.mongodb.com/manual/release-notes/3.4-changelog/\n","id":"openSUSE-SU-2017:3022-1","modified":"2017-11-15T10:56:14Z","published":"2017-11-15T10:56:14Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1065956"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15535"}],"related":["CVE-2017-15535"],"summary":"Security update for mongodb","upstream":["CVE-2017-15535"]}