Conectiva: Security update to MySQL
Source: News Forge
The package shipped with Conectiva Linux 6.0 and older logs by default all queries made to the database to the /var/log/mysql file. This includes user creation, password changes via SQL commands and other queries. Our package incorrectly leaves the permissions of this file as world-readable (0644), thus allowing any user on the system access to potentially sensitive information.