As noted in the changelog for 5.6.34 at https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html, 5.6.34 contains a change that requires packaging changes and could potentially impact users:

By default the server will restrict the server's access for SELECT INTO OUTFILE and LOAD DATA operations to /var/lib/mysql-files, and requires the directory to be present at startup. This behavior can be changed at build-time to either turn such access off completely or make it unrestricted (current behavior).

We strongly recommend keeping the default behavior to improve the default security, i.e. change packaging to create the mysql-files directory. We're not aware of any other packages that rely on this functionality, but there is a risk of this change disrupting user workflows.

--
Lars

On 10/17/2016 10:05 AM, Norvald H. Ryeng wrote:
Source: mysql-5.6
Version: 5.6.30-1
Severity: grave
Tags: security upstream fixed-upstream

The Oracle Critical Patch Update for October 2016 will be released on Tuesday, October 18. According to the pre-release announcement [1], it will contain information about CVEs fixed in MySQL 5.6.34.

The CVE numbers will be available when the CPU is released.

Regards,

Norvald H. Ryeng

[1] http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

_______________________________________________
pkg-mysql-maint mailing list
pkg-mysql-ma...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint

Reply via email to