MySQL AB this week issued a security patch for multiple vulnerabilities in its MySQL open-source database.
The MySQL 5.0.21 update patches three flaws that affect versions 4.0.26, 4.1.18, 5.0.20 and 5.1.9, as well as prior versions of the company's database, according to security company FrSIRT.com (http://www.frsirt.com/english/advisories/2006/1633).
FrSIRT rated the flaws as "moderate" and said they can be exploited both remotely and locally.
According to FrSIRT, the first flaw is due to a buffer overflow error in the "sql_base.cc" file. The vulnerability could be exploited by authenticated attackers to execute arbitrary commands, the security company said in its advisory.
Input validation errors in the "sql_parse.cc" file are the cause of the second and third vulnerabilities, according to FrSIRT. These could be exploited by attackers to cause portions of memory to be disclosed in error messages.
More information about the fix can be found on MySQL's Web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html