[debian-mysql] Bug#841049: Bug#841049: Security fixes from the October 2016 CPU
Lars Tangvald
lars.tangvald at oracle.com
Mon Oct 17 09:30:18 UTC 2016
As noted in the changelog for 5.6.34 at
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html,
5.6.34 contains a change that requires packaging changes and could
potentially impact users:

By default the server will restrict the server's access for SELECT INTO
OUTFILE and LOAD DATA operations to /var/lib/mysql-files, and requires
the directory to be present at startup.

This behavior can be changed at build-time to either turn such access
off completely or make it unrestricted (current behavior).

We strongly recommend keeping the default behavior to improve the
default security, i.e. change packaging to create the mysql-files
directory. We're not aware of any other packages that rely on this
functionality, but there is a risk of this change disrupting user workflows.

--
Lars

On 10/17/2016 10:05 AM, Norvald H. Ryeng wrote:
> Source: mysql-5.6
> Version: 5.6.30-1
> Severity: grave
> Tags: security upstream fixed-upstream
>
> The Oracle Critical Patch Update for October 2016 will be released on
> Tuesday, October 18. According to the pre-release announcement [1], it
> will contain information about CVEs fixed in MySQL 5.6.34.
>
> The CVE numbers will be available when the CPU is released.
>
> Regards,
>
> Norvald H. Ryeng
>
> [1]
> http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
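
Added example, not part of the original message or of the Debian or Oracle packaging: a shell sketch of how a maintainer script or an administrator could audit the directory described in the message above and create it when it is missing. The option name secure_file_priv and its empty/NULL meanings are MySQL's; the function names and the 0750 mode are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit the directory that confines SELECT ... INTO OUTFILE and
# LOAD DATA, and create it if missing. Function names and the 0750 mode are
# assumptions; secure_file_priv is the MySQL option that holds the path.

# Print a one-word verdict for a secure_file_priv value.
classify_secure_file_priv() {
    value=$1
    case "$value" in
        "")   echo unrestricted; return 0 ;;   # no confinement (old behaviour)
        NULL) echo disabled;     return 0 ;;   # import/export turned off
    esac
    if [ -L "$value" ]; then
        echo symlink          # ls -ld would describe the link, not its target
    elif [ ! -d "$value" ]; then
        echo missing-dir      # the server requires the directory at startup
    else
        perms=$(ls -ld "$value" | cut -c1-10)
        case "$perms" in
            d??????---) echo restricted-ok ;;     # no access for "other"
            *)          echo world-accessible ;;
        esac
    fi
}

# Create the directory idempotently, as a maintainer script might.
# $2 (owner, e.g. mysql:mysql) is applied only when running as root.
ensure_files_dir() {
    dir=$1
    owner=${2:-}
    if [ -L "$dir" ]; then
        echo "refusing to use symlink: $dir" >&2
        return 1
    fi
    mkdir -p "$dir"
    chmod 0750 "$dir"
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$dir"
    fi
}

# Typical use on a packaged system (run as root):
#   ensure_files_dir /var/lib/mysql-files mysql:mysql
#   classify_secure_file_priv /var/lib/mysql-files
```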