Two vulnerabilities have been discovered in mysql, a common database system. Two scripts contained in the package don't create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking the MySQL server, which is often the root user. The Common Vulnerabilities and Exposures identifies the following problems:
The script mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack.
The script mysqld_multi in MySQL allows local users to overwrite arbitrary files via a symlink attack.
For the stable distribution (woody) these problems have been fixed in version 3.23.49-8.6.
For the unstable distribution (sid) these problems will be fixed in version 4.0.18-6 of mysql-dfsg.
We recommend that you upgrade your mysql, mysql-dfsg and related packages.