pcp - several

It was discovered that Performance Co-Pilot (pcp), a framework for
performance monitoring, contains several vulnerabilities.

• CVE-2012-3418
  Multiple buffer overflows in the PCP protocol decoders can
  cause PCP clients and servers to crash or, potentially,
  execute arbitrary code while processing crafted PDUs.
• CVE-2012-3419
  The linux PMDA used by the pmcd daemon discloses sensitive
  information from the /proc file system to unauthenticated
  clients.
• CVE-2012-3420
  Multiple memory leaks processing crafted requests can cause
  pmcd to consume large amounts of memory and eventually crash.
• CVE-2012-3421
  Incorrect event-driven programming allows malicious clients to
  prevent other clients from accessing the pmcd daemon.

To address the information disclosure vulnerability,
CVE-2012-3419, a
new proc PMDA was introduced, which is disabled by default. If you
need access to this information, you need to enable the proc PMDA.

For the stable distribution (squeeze), this problem has been fixed in
version 3.3.3-squeeze2.

For the unstable distribution (sid), this problem has been fixed in
version 3.6.5.

We recommend that you upgrade your pcp packages.