Bug#841049: [debian-mysql] Bug#841049: Security fixes from the October 2016 CPU

2016-10-18 Thread Lars Tangvald

The following CVEs are noted as fixed since 5.6.30:
CVE-2016-3492 CVE-2016-5507 CVE-2016-5584 CVE-2016-5609
CVE-2016-5612 CVE-2016-5616 CVE-2016-5617 CVE-2016-5626
CVE-2016-5627 CVE-2016-5629 CVE-2016-5630 CVE-2016-6304
CVE-2016-6662 CVE-2016-7440 CVE-2016-8283 CVE-2016-8284

--
Lars

On 10/17/2016 10:05 AM, Norvald H. Ryeng wrote:

Source: mysql-5.6
Version: 5.6.30-1
Severity: grave
Tags: security upstream fixed-upstream

The Oracle Critical Patch Update for October 2016 will be released on 
Tuesday, October 18. According to the pre-release announcement [1], it 
will contain information about CVEs fixed in MySQL 5.6.34.


The CVE numbers will be available when the CPU is released.

Regards,

Norvald H. Ryeng

[1] 
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html


___
pkg-mysql-maint mailing list
pkg-mysql-ma...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mysql-maint




Bug#841049: [debian-mysql] Bug#841049: Security fixes from the October 2016 CPU

2016-10-17 Thread Lars Tangvald
As noted in the changelog for 5.6.34 at 
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html,
5.6.34 contains a change that requires packaging changes and could 
potentially impact users:


By default the server will restrict the server's access for SELECT INTO 
OUTFILE and LOAD DATA operations to /var/lib/mysql-files, and requires 
the directory to be present at startup.
This behavior can be changed at build-time to either turn such access 
off completely or make it unrestricted (current behavior).


We strongly recommend keeping the default behavior to improve the 
default security, i.e. change packaging to create the mysql-files 
directory. We're not aware of any other packages that rely on this 
functionality, but there is a risk of this change disrupting user workflows.


--
Lars

On 10/17/2016 10:05 AM, Norvald H. Ryeng wrote:

Source: mysql-5.6
Version: 5.6.30-1
Severity: grave
Tags: security upstream fixed-upstream

The Oracle Critical Patch Update for October 2016 will be released on 
Tuesday, October 18. According to the pre-release announcement [1], it 
will contain information about CVEs fixed in MySQL 5.6.34.


The CVE numbers will be available when the CPU is released.

Regards,

Norvald H. Ryeng

[1] 
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
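
As an added illustration of the packaging change discussed in this thread (not code from the Debian package or from either poster), the sketch below classifies a `secure_file_priv` value and prepares the mysql-files directory the way a maintainer-script step could. The function names, the 0700 mode and the `mysql` owner are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and prepare the directory that MySQL 5.6.34 confines
# SELECT ... INTO OUTFILE and LOAD DATA to (/var/lib/mysql-files by default).

# classify_secure_file_priv VALUE
# VALUE is what `SELECT @@secure_file_priv` reports; the caller passes it in.
classify_secure_file_priv() {
    case "$1" in
        "")   echo "unrestricted" ;;   # empty: no directory restriction
        NULL) echo "disabled" ;;       # import/export operations turned off
        *)
            if [ ! -d "$1" ]; then
                echo "missing"         # the server requires it at startup
            elif [ -n "$(find -L "$1" -maxdepth 0 -perm -0002)" ]; then
                echo "world-writable"  # any local user could plant files
            else
                echo "restricted"
            fi ;;
    esac
}

# ensure_files_dir DIR [OWNER]
# Create DIR if absent and restrict it to the server account.
# Mode 0700 and the default owner "mysql" are assumptions of this example.
ensure_files_dir() {
    dir=$1 owner=${2:-mysql}
    if [ -L "$dir" ]; then
        # An admin-managed symlink (e.g. to another volume) is left untouched.
        echo "note: $dir is a symlink, not modifying it" >&2
        return 0
    fi
    [ -d "$dir" ] || mkdir -p "$dir" || return 1
    chmod 0700 "$dir" || return 1
    # chown needs root and an existing account; skipped otherwise.
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown "$owner:$owner" "$dir" || return 1
    fi
}
```

On an installed system the call would be `ensure_files_dir /var/lib/mysql-files`, followed by a classification of the value the running server reports.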

