CVE-2016-6662 - Patch your MySQL servers

Details here <https://www.percona.com/blog/2016/09/12/database-affected-cve-2016-6662/>. Initially reported here <http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html>. Summary of the suggested mitigation:

*The vulnerability needs to be able to write to some MySQL configuration files. Prevent that and you are secure.*

*Make sure you configure permissions for various config files as follows:*

- MySQL reads configuration files from different paths, including from your datadir
  - Create an (empty) my.cnf and .my.cnf in the datadir (usually /var/lib/mysql) and make root the owner/group with 0644 permissions.
  - Other locations to look into: /etc/my.cnf /etc/mysql/my.cnf /usr/etc/my.cnf ~/.my.cnf (mysqld --help --verbose shows you where mysqld will look)
- This also includes !includedir paths defined in your current configurations — make sure they are not writeable by the mysql user as well
- No config files should be writeable by the mysql user (change ownership and permissions)
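An audit script for the checks listed above, added here as an example (not from the Percona post or the original mail): it follows !include / !includedir directives from each config path, and flags any config file or include directory that is missing from the datadir, owned by the mysql account, group-writable by its group, or world-writable. The uid/gid of the mysql account and the datadir path are assumed inputs; the default path list is the one quoted above.

```python
import os
import re
import stat

# Config locations named in the advisory; `mysqld --help --verbose` lists the real ones.
DEFAULT_PATHS = ["/etc/my.cnf", "/etc/mysql/my.cnf", "/usr/etc/my.cnf",
                 os.path.expanduser("~/.my.cnf")]
INCLUDE_RE = re.compile(r"^\s*!include(dir)?\s+(\S+)")


def expand_includes(path, seen=None):
    """Yield `path`, every file it pulls in via !include / !includedir, and each include dir."""
    seen = set() if seen is None else seen
    if path in seen or not os.path.isfile(path):
        return
    seen.add(path)
    yield path
    with open(path, errors="replace") as fh:
        for line in fh:
            m = INCLUDE_RE.match(line)
            if not m:
                continue
            target = m.group(2)
            if m.group(1):  # !includedir: mysqld reads every *.cnf in that directory
                if os.path.isdir(target) and target not in seen:
                    seen.add(target)
                    yield target  # the directory itself: writable => mysql can add a .cnf
                    for name in sorted(os.listdir(target)):
                        if name.endswith(".cnf"):
                            yield from expand_includes(os.path.join(target, name), seen)
            else:
                yield from expand_includes(target, seen)


def audit(datadir, mysql_uid, mysql_gid, extra_paths=DEFAULT_PATHS):
    """Return (path, problem) pairs; an empty list means the mitigation holds."""
    findings = []
    datadir_cnfs = [os.path.join(datadir, n) for n in ("my.cnf", ".my.cnf")]
    for p in datadir_cnfs:  # placeholder files must exist so the mysql user cannot create them
        if not os.path.exists(p):
            findings.append((p, "missing: mysql user could create it in its own datadir"))
    for root in datadir_cnfs + list(extra_paths):
        for p in expand_includes(root):
            st = os.stat(p)
            if st.st_uid == mysql_uid:
                findings.append((p, "owned by the mysql user"))
            if st.st_gid == mysql_gid and st.st_mode & stat.S_IWGRP:
                findings.append((p, "group-writable by the mysql group"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((p, "world-writable"))
    return findings
```

Run it as root with the uid/gid from `id mysql`; every finding is a file to chown to root and chmod to 0644 (or an include directory to lock down).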
participants (1)
-
Peter Karunyu