Source: mysql-5.6
Version: 5.6.30-1
Severity: grave
Tags: security
Justification: user security hole
Hi
When installing myssql-server-5.6 in stretch and sid, then mysqld is
started and listend not binding on localhost only, but listen on *.
tcp LISTEN 0 80 :::mysql :::*
users:(("mysqld",pid=2810,fd=10))
This issue seems related to the switch to use the alternatives system for
my.cnf, now mysql-5.6 as well picking the mariadb.cnf in auto mode.
That one includes
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mariadb.conf.d/
and thus the installation ends without
bind-address = 127.0.0.1
Regards,
Salvatore
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
