I had a look at CVE-2016-6662. Looks pretty simple to understand. Looks
like the ability for mysqld to create arbitrary log files - that may
overwrite/create config files with write permissions for the mysql user
- is a key factor.
Anyone been able to find the upstream changes that address this?
While it might be possible to find a resolution anyway, it is probably
worth looking at the upstream solution first.
Out of time now, will continue looking later.
Brian May <firstname.lastname@example.org>