This is probably of interest to many of you, and I've not seen it on the list yet.
Kenny Gryp's blog about the vulnerability is at https://www.percona.com/blog/2016/09/12/database-affected-cve-2016-6662/ . For those who use it, there's an ansible playbook to patch the workaround into mysqld_safe at https://github.com/meersjo/ansible-mysql-cve-2016-6662 . /Johan ----- Forwarded Message ----- From: "Percona" <em...@percona.com> To: perc...@tuxera.be Sent: Wednesday, 14 September, 2016 00:42:18 Subject: Update to Percona CVE-2016-6662 Vulnerability Communication Earlier yesterday, via blog post and email, we alerted people to CVE-2016-6662 . This vulnerability meant that certain Percona Server (and MySQL) scenarios could allow a remote root code execution. As of late 9/12, we added a new blog post that explains the vulnerability, if it affects you, how to prevent the vulnerability from affecting older versions of MySQL and which versions of Percona Server have been updated with a fix: Is Your Database Affected by CVE-2016-6662? Click through to that blog for more information on how to protect your environment from CVE-2016-6662. We will release an update to Percona XtraDB Cluster versions 5.5 and 5.6 with a fix for CVE-2016-6662 next week. In the meantime, the steps outlined in the “Configuration files permissions” section in the post above should protect your servers from the vulnerability. Contact us if you need more information or assistance . If you are a customer, please contact support via normal support channels . Thank You, Support Percona 8081 Arco Corporate Drive Suite 170 Raleigh, NC 27617 United States You received this email because you are subscribed to Tell Me Everything! from Percona. Update your email preferences to choose the types of emails you receive. Unsubscribe from all future emails -- Unhappiness is discouraged and will be corrected with kitten pictures. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql
