Thomas,
Great questions!!
Let's start with DLNA and what it is used for. Ronnie already gave you an idea of what DLNA does; here is a little bit more detail:
DLNA separates multimedia devices into 10 certified classes subdivided into three broad categories: Home Network Devices (PCs, TVs, AV receivers, game consoles), Mobile Handheld Devices (smartphones, tablets, digital cameras), and Home Infrastructure Devices (routers and hubs).
A device’s class is determined by its functional capabilities—whether it stores, controls, or plays media—rather than the type of product it is. So it’s possible (even common) for a device to fall into more than one class. Some DLNA-certified TVs, for example, can be classified as both a Digital Media Player—meaning they can locate and play media from other devices—and a Digital Media Renderer—because media can be pushed to them by an external controlling device.
The DLNA specification defines only a handful of audio and video formats it supports. Common formats like MP3 audio, MP4 video, Windows Media Audio, and Windows Media Video 9 are all included. However, DLNA devices don’t support Windows Media Video 10, the MKV or AVI containers, or FLAC lossless audio. DLNA also defines certain types of “profiles,” so some MP4 files might not be supported depending on their resolution, bitrate, and other details. Device creators can’t add support for these because that would violate the DLNA specification. Not all local media files will work. Some DLNA server software will transcode media on the fly from an unsupported format to a DLNA-compliant one — they have to do this because that’s the only way you could stream such files with DLNA.
DLNA also must involve files. You can’t use DLNA to stream the contents of your screen from one device to another, as you can do with Apple’s AirPlay, Google’s Chromecast, or the Miracast wireless display standard. You can’t play a game on a device and stream the output of your display to another device, give a presentation, or mirror your display for any other reason.
So, in terms of what DLNA is and what it does, it serves up local media and makes it available. The security issue(s) associated with allowing it are really centered around the concerns posed by the broadcasted metadata about the information DLNA is serving up and where it resides. In general terms, turning off ALL services that are not actively used / required is a security best practice to help harden a system / device and to reduce the available attack surface for someone looking to do harm. It would make sense for you to remove support for any of those protocols or services that will not be used for this reason, but also because they pose ongoing risks due to the potential for unknown vulnerabilities that may be exploited at some point.
I hope that helps... :)
Cheers,
Adam
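
The following is an added example, not part of Adam's reply: a small audit helper showing what the broadcast metadata mentioned above looks like, given that DLNA devices announce themselves with UPnP's SSDP NOTIFY messages. The function names, the `_notify` helper and the sample datagrams (documentation addresses, made-up SERVER strings) are constructed for illustration.

```python
from urllib.parse import urlparse

# UPnP AV device types that DLNA servers and renderers announce over SSDP.
DLNA_TYPES = ("urn:schemas-upnp-org:device:MediaServer:",
              "urn:schemas-upnp-org:device:MediaRenderer:")

def parse_ssdp(datagram: bytes):
    """Split one SSDP datagram into its start line and lower-cased headers."""
    lines = datagram.decode("utf-8", errors="replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # ignore blank or malformed lines
            headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers

def dlna_exposure(datagrams):
    """List what each ssdp:alive announcement of a DLNA device type reveals."""
    findings = []
    for raw in datagrams:
        start, h = parse_ssdp(raw)
        nt = h.get("nt", "")
        if (not start.upper().startswith("NOTIFY ")
                or h.get("nts") != "ssdp:alive"
                or not nt.startswith(DLNA_TYPES)):
            continue  # not a live media server/renderer announcement
        loc = urlparse(h.get("location", ""))
        findings.append({"type": nt.split(":")[3], "host": loc.hostname,
                         "port": loc.port, "server": h.get("server")})
    return findings

def _notify(nt, nts, location, server):
    """Build a constructed SSDP NOTIFY datagram (hypothetical helper)."""
    return ("NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            f"CACHE-CONTROL: max-age=1800\r\nLOCATION: {location}\r\n"
            f"NT: {nt}\r\nNTS: {nts}\r\nSERVER: {server}\r\n"
            f"USN: uuid:00000000-0000-0000-0000-000000000001::{nt}\r\n\r\n").encode()

# Constructed sample traffic, not captured from any real network.
SAMPLE = [
    _notify("urn:schemas-upnp-org:device:MediaServer:1", "ssdp:alive",
            "http://192.0.2.10:8200/rootDesc.xml", "Linux/5.10 UPnP/1.0 ExampleDMS/1.0"),
    _notify("urn:schemas-upnp-org:device:InternetGatewayDevice:1", "ssdp:alive",
            "http://192.0.2.1:5000/igd.xml", "ExampleRouter/1.0 UPnP/1.0"),
    _notify("urn:schemas-upnp-org:device:MediaServer:1", "ssdp:byebye",
            "http://192.0.2.11:8200/rootDesc.xml", "Linux/5.10 UPnP/1.0 ExampleDMS/1.0"),
]

if __name__ == "__main__":
    print(dlna_exposure(SAMPLE))
```

Once the DLNA service is disabled on a device, its MediaServer or MediaRenderer announcements should stop appearing in this kind of listing.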