
Debian DSA-1997-1 High: MySQL Remote Exploit Risk Mitigation

February 14, 2010
Update the mysql-dfsg-5.0 packages to fix the significant security flaws described in Debian Security Advisory DSA-1997-1.

Summary

Several vulnerabilities have been discovered in the MySQL
database server.
The Common Vulnerabilities and Exposures project identifies the
following problems:


CVE-2009-4019

Domas Mituzas discovered that mysqld does not properly handle errors during
execution of certain SELECT statements with subqueries, and does not preserve
certain null_value flags during execution of statements that use the
GeomFromWKB function, which allows remote authenticated users to cause a
denial of service (daemon crash) via a crafted statement.


CVE-2009-4030

Sergei Golubchik discovered that MySQL allows local users to bypass certain
privilege checks by calling CREATE TABLE on a MyISAM table with modified
DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated
with pathnames without symlinks, and that can point to tables created at
a future time at which a pathname is modified to contain a symlink to a
subdirectory of the MySQL data home directory.
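
A defender-side audit for the CVE-2009-4030 condition described above, as an added example that is not part of the advisory or of MySQL's own code: it reads `SHOW CREATE TABLE` text, extracts the DATA DIRECTORY and INDEX DIRECTORY options, resolves symlinks, and reports any path that now lands inside the data home directory. The function names are hypothetical, and the table names, paths and DDL are constructed sample input.

```python
import os
import re
import tempfile

# Matches DATA DIRECTORY='...' / INDEX DIRECTORY='...' in SHOW CREATE TABLE text.
DIR_OPTION = re.compile(r"\b(DATA|INDEX)\s+DIRECTORY\s*=\s*'([^']*)'", re.IGNORECASE)

def is_inside(path, root):
    """True if path, after resolving symlinks, is root or lies below it."""
    real_path = os.path.realpath(path)
    real_root = os.path.realpath(root)
    return os.path.commonpath([real_path, real_root]) == real_root

def audit_create_statements(statements, datadir):
    """Return (table, option, path, resolved) for every directory option
    that resolves into the MySQL data home directory."""
    findings = []
    for table, ddl in statements.items():
        for kind, path in DIR_OPTION.findall(ddl):
            if is_inside(path, datadir):
                findings.append((table, kind.upper() + " DIRECTORY",
                                 path, os.path.realpath(path)))
    return findings

def demo():
    """Audit constructed DDL against a constructed layout in a temp dir."""
    base = tempfile.mkdtemp()
    datadir = os.path.join(base, "mysql-data")        # stand-in data home
    os.makedirs(os.path.join(datadir, "otherdb"))
    plain = os.path.join(base, "ext-plain")           # ordinary external dir
    os.makedirs(plain)
    # A pathname later modified to be a symlink into a datadir subdirectory.
    linked = os.path.join(base, "ext-linked")
    os.symlink(os.path.join(datadir, "otherdb"), linked)
    statements = {  # constructed SHOW CREATE TABLE fragments
        "t_ok": "CREATE TABLE `t_ok` (`id` int) ENGINE=MyISAM "
                f"DATA DIRECTORY='{plain}/' INDEX DIRECTORY='{plain}/'",
        "t_bad": "CREATE TABLE `t_bad` (`id` int) ENGINE=MyISAM "
                 f"DATA DIRECTORY='{linked}/' INDEX DIRECTORY='{plain}/'",
    }
    return audit_create_statements(statements, datadir)

if __name__ == "__main__":
    for table, option, path, resolved in demo():
        print(f"{table}: {option} {path} resolves to {resolved}")
```
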


CVE-2009-4484

Multiple stack-based buffer overflows in the...


Package: mysql-dfsg-5.0
