Debian Security Advisory

DLA-949-1 miniupnpc -- LTS security update

Date Reported:

22 May 2017

Affected Packages:

miniupnpc

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-8798.

More information:

It was discovered that there was a integer signedness error in the miniupnpc UPnP client that could allow remote attackers to cause a denial of service attack.

For Debian 7 Wheezy, this issue has been fixed in miniupnpc version 1.5-2+deb7u2.

We recommend that you upgrade your miniupnpc packages.