MySQL has issued a security update to fix three flaws that affect versions 4.0.26, 4.1.18, 5.0.20 and 5.1.9 of the company's database, according to security company FrSIRT.

FrSIRT rated the flaws as "moderate" and said they can be exploited both remotely and locally.

According to FrSIRT, the first flaw is due to a buffer overflow error in the "sql_base.cc" script." The vulnerability could be exploited by authenticated attackers to execute arbitrary commands, the security company said in its advisory.

Input validation errors in the "sql_parse.cc" file are the cause of the second and third vulnerabilities, according to FrSIRT. These could be exploited by attackers to cause portions of the memory to be disclosed in error messages.