As noted in the changelog for 5.6.34 at, 5.6.34 contains a change that requires packaging changes and could potentially impact users:

By default the server will restrict the server's access for SELECT INTO OUTFILE and LOAD DATA operations to /var/lib/mysql-files, and requires the directory to be present at startup. This behavior can be changed at build-time to either turn such access off completely or make it unrestricted (current behavior).

We strongly recommend keeping the default behavior to improve the default security, i.e. change packaging to create the mysql-files directory. We're not aware of any other packages that rely on this functionality, but there is a risk of this change disrupting user workflows.


On 10/17/2016 10:05 AM, Norvald H. Ryeng wrote:
Source: mysql-5.6
Version: 5.6.30-1
Severity: grave
Tags: security upstream fixed-upstream

The Oracle Critical Patch Update for October 2016 will be released on Tuesday, October 18. According to the pre-release announcement [1], it will contain information about CVEs fixed in MySQL 5.6.34.

The CVE numbers will be available when the CPU is released.


Norvald H. Ryeng


pkg-mysql-maint mailing list

Reply via email to