The vulnerability allows a user with SELECT/FILE privileges to remotely or locally execute arbitrary code with root privileges. Currently undisclosed CVE-2016-6663 will demonstrate how to alter the configuration without FILE privileges.
Updates for packages with previous mysql/mariadb versions in distributions are not released yet (Ubuntu, Debian, RHEL, FreeBSD, CentOS, Fedora, SUSE). The vulnerability can be exploited even if security modules SELinux and AppArmor are installed with default active policies for MySQL service. But you could minimize the risks by following recommendations: