Test ID:	1.3.6.1.4.1.25623.1.0.703379
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-3379-1)
Summary:	The remote host is missing an update for the Debian 'miniupnpc' package(s) announced via the DSA-3379-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'miniupnpc' package(s) announced via the DSA-3379-1 advisory. Vulnerability Insight: Aleksandar Nikolic of Cisco Talos discovered a buffer overflow vulnerability in the XML parser functionality of miniupnpc, a UPnP IGD client lightweight library. A remote attacker can take advantage of this flaw to cause an application using the miniupnpc library to crash, or potentially to execute arbitrary code with the privileges of the user running the application. For the oldstable distribution (wheezy), this problem has been fixed in version 1.5-2+deb7u1. For the stable distribution (jessie), this problem has been fixed in version 1.9.20140610-2+deb8u1. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your miniupnpc packages. Affected Software/OS: 'miniupnpc' package(s) on Debian 7, Debian 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6031 BugTraq ID: 77306 http://www.securityfocus.com/bid/77306 Debian Security Information: DSA-3379 (Google Search) http://www.debian.org/security/2015/dsa-3379 https://security.gentoo.org/glsa/201801-08 http://talosintel.com/reports/TALOS-2015-0035/ SuSE Security Announcement: openSUSE-SU-2015:2070 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00122.html http://www.ubuntu.com/usn/USN-2780-1 http://www.ubuntu.com/usn/USN-2780-2
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.