[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

mysql-5.5 CVE-2016-6662


I had a look at CVE-2016-6662. Looks pretty simple to understand. Looks
like the ability for mysqld to create arbitrary log files - that may
overwrite/create config files with write permissions for the mysql user
- is a key factor.


Anyone been able to find the upstream changes that address this?

While it might be possible to find a resolution anyway, it is probably
worth looking at the upstream solution first.

Out of time now, will continue looking later.

Brian May <bam@debian.org>

Reply to: