Description
* It was discovered that the MySQL logging functionality allowed writing to
MySQL configuration files. An administrative database user, or a database user
with FILE privileges, could possibly use this flaw to run arbitrary commands
with root privileges on the system running the database server. (CVE-2016-6662)
* A race condition was found in the way MySQL performed MyISAM engine table
repair. A database user with shell access to the server running mysqld could use
this flaw to change permissions of arbitrary files writable by the mysql system
user. (CVE-2016-6663, CVE-2016-5616)