mysql - multiple

Several vulnerabilities have been found in the MySQL database packages
with implications ranging from unauthorized database modifications to
remotely triggered server crashes. The Common Vulnerabilities and Exposures
project identifies the following problems:

• CVE-2007-2583
  The in_decimal::set function in item_cmpfunc.cc in MySQL
  before 5.0.40 allows context-dependent attackers to cause a
  denial of service (crash) via a crafted IF clause that results
  in a divide-by-zero error and a NULL pointer dereference.
  (Affects source version 5.0.32.)
• CVE-2007-2691
  MySQL does not require the DROP privilege for RENAME TABLE
  statements, which allows remote authenticated users to rename
  arbitrary tables. (All supported versions affected.)
• CVE-2007-2692
  The mysql_change_db function does not restore THD::db_access
  privileges when returning from SQL SECURITY INVOKER stored
  routines, which allows remote authenticated users to gain
  privileges. (Affects source version 5.0.32.)
• CVE-2007-3780
  MySQL could be made to overflow a signed char during
  authentication. Remote attackers could use specially crafted
  authentication requests to cause a denial of
  service. (Upstream source versions 4.1.11a and 5.0.32
  affected.)
• CVE-2007-3782
  Phil Anderton discovered that MySQL did not properly verify
  access privileges when accessing external tables. As a result,
  authenticated users could exploit this to obtain UPDATE
  privileges to external tables. (Affects source version
  5.0.32.)
• CVE-2007-5925
  The convert_search_mode_to_innobase function in ha_innodb.cc
  in the InnoDB engine in MySQL 5.1.23-BK and earlier allows
  remote authenticated users to cause a denial of service
  (database crash) via a certain CONTAINS operation on an
  indexed column, which triggers an assertion error. (Affects
  source version 5.0.32.)

For the old stable distribution (sarge), these problems have been fixed in
version 4.0.24-10sarge3 of mysql-dfsg and version 4.1.11a-4sarge8 of
mysql-dfsg-4.1.

For the stable distribution (etch), these problems have been fixed in
version 5.0.32-7etch3 of the mysql-dfsg-5.0 packages.

We recommend that you upgrade your mysql packages.