OVAL

MDVSA-2009:094 -- Mandriva mysql

ID: oval:org.secpod.oval:def:301201
Date: (C)2012-01-07   (M)2017-10-04
Class: PATCH
Family: unix




Multiple vulnerabilities have been found and corrected in mysql:

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b"" token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service by using this token in a SQL statement.

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Cross-site scripting vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document.

Bugs in the Mandriva Linux 2008.1 packages that have been fixed:
 o upstream fix for mysql bug35754
 o fix #46116
 o fix upstream bug 42366

Bugs in the Mandriva Linux 2009.0 packages that have been fixed:
 o upgraded 5.0.67 to 5.0.77
 o no need to workaround #38398, #44691 anymore
 o fix upstream bug 42366
 o fix #46116
 o sphinx-0.9.8.1

Bugs in the Mandriva Linux Corporate Server 4 packages that have been fixed:
 o fix upstream bug 42366
 o fix #46116

The updated packages have been patched to correct these issues.

Platform:
Mandriva Linux 2009.0
Mandriva Linux 2008.1
Product:
mysql
Reference:
MDVSA-2009:094
CVE-2008-4456
CVE-2008-4098
CVE-2008-4097
CVE-2008-3963
CPE    24
cpe:/o:mandriva:linux:2008.1
cpe:/o:mandriva:linux:2009.0
cpe:/o:canonical:ubuntu_linux:7.10
cpe:/a:mysql:mysql:5.0.52
...

© 2013 SecPod Technologies