Test ID:	1.3.6.1.4.1.25623.1.0.890832
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-832-1)
Summary:	The remote host is missing an update for the Debian 'bitlbee' package(s) announced via the DLA-832-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'bitlbee' package(s) announced via the DLA-832-1 advisory. Vulnerability Insight: CVE-2017-5668 Fix for incomplete fix for Null pointer dereference with file transfer request from unknown contacts. (Though this package wasn't in Wheezy with this issue, I mention it here. The fix was done with the second patch for CVE-2016-10189) CVE-2016-10189 Null pointer dereference with file transfer request from unknown contacts. CVE-2016-10188 deactivate any incoming file transfer for bitlbee This affects any libpurple protocol when used through BitlBee. It does not affect other libpurple-based clients such as pidgin. For Debian 7 Wheezy, these issues have been fixed in bitlbee version 3.0.5-1.2+deb7u1 Affected Software/OS: 'bitlbee' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10188 BugTraq ID: 95935 http://www.securityfocus.com/bid/95935 Debian Security Information: DSA-3853 (Google Search) http://www.debian.org/security/2017/dsa-3853 http://www.openwall.com/lists/oss-security/2017/01/30/4 http://www.openwall.com/lists/oss-security/2017/01/31/11 Common Vulnerability Exposure (CVE) ID: CVE-2016-10189 BugTraq ID: 95931 http://www.securityfocus.com/bid/95931
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.